From: Rusty Russell <rusty@rustcorp.com.au>
Date: Mon, 15 Nov 2010 07:10:47 +0000 (+1030)
Subject: tdb2: coalescing race fix #1
X-Git-Url: http://git.ozlabs.org/?p=ccan;a=commitdiff_plain;h=b547900937973a8079101fe728e243ced3290caf

tdb2: coalescing race fix #1

When coalescing, we check the adjacent entry then lock its free list: we
need to *recheck* after locking, to make sure it's still in that free list.
---

diff --git a/ccan/tdb2/free.c b/ccan/tdb2/free.c
index e6e77bf6..c19b14a8 100644
--- a/ccan/tdb2/free.c
+++ b/ccan/tdb2/free.c
@@ -319,6 +319,13 @@ static int coalesce(struct tdb_context *tdb,
 			break;
 		}
 
+		if (unlikely(bucket_off(zone_off,
+					size_to_bucket(zone_bits, r->data_len))
+			     != nb_off)) {
+			tdb_unlock_free_bucket(tdb, nb_off);
+			break;
+		}
+
 		if (remove_from_list(tdb, nb_off, end, r) == -1) {
 			tdb_unlock_free_bucket(tdb, nb_off);
 			goto err;