diff options
| author | Trond Myklebust <trond.myklebust@hammerspace.com> | 2019-02-26 06:33:02 -0500 |
|---|---|---|
| committer | Trond Myklebust <trond.myklebust@hammerspace.com> | 2019-02-26 06:33:02 -0500 |
| commit | a73881c96d73ee72b7dbbd38a6eeef66182a8ef7 (patch) | |
| tree | 79231cf32ea2eef39adc0be675ec93a9cd48969e | |
| parent | 06b5fc3ad94eebf25d5abc07f84e16b8b33dcf8c (diff) | |
SUNRPC: Fix an Oops in udp_poll()
udp_poll() checks the struct file for the O_NONBLOCK flag, so we must not
call it with a NULL file pointer.
Fixes: 0ffe86f48026 ("SUNRPC: Use poll() to fix up the socket requeue races")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
| -rw-r--r-- | include/linux/sunrpc/xprtsock.h | 1 | ||||
| -rw-r--r-- | net/sunrpc/xprtsock.c | 21 |
2 files changed, 20 insertions, 2 deletions
diff --git a/include/linux/sunrpc/xprtsock.h b/include/linux/sunrpc/xprtsock.h index 458bfe0137f5..b81d0b3e0799 100644 --- a/include/linux/sunrpc/xprtsock.h +++ b/include/linux/sunrpc/xprtsock.h | |||
| @@ -26,6 +26,7 @@ struct sock_xprt { | |||
| 26 | */ | 26 | */ |
| 27 | struct socket * sock; | 27 | struct socket * sock; |
| 28 | struct sock * inet; | 28 | struct sock * inet; |
| 29 | struct file * file; | ||
| 29 | 30 | ||
| 30 | /* | 31 | /* |
| 31 | * State of TCP reply receive | 32 | * State of TCP reply receive |
diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c index 53de72d2dded..e829036ed81f 100644 --- a/net/sunrpc/xprtsock.c +++ b/net/sunrpc/xprtsock.c | |||
| @@ -670,7 +670,8 @@ out_err: | |||
| 670 | 670 | ||
| 671 | static __poll_t xs_poll_socket(struct sock_xprt *transport) | 671 | static __poll_t xs_poll_socket(struct sock_xprt *transport) |
| 672 | { | 672 | { |
| 673 | return transport->sock->ops->poll(NULL, transport->sock, NULL); | 673 | return transport->sock->ops->poll(transport->file, transport->sock, |
| 674 | NULL); | ||
| 674 | } | 675 | } |
| 675 | 676 | ||
| 676 | static bool xs_poll_socket_readable(struct sock_xprt *transport) | 677 | static bool xs_poll_socket_readable(struct sock_xprt *transport) |
| @@ -1253,6 +1254,7 @@ static void xs_reset_transport(struct sock_xprt *transport) | |||
| 1253 | struct socket *sock = transport->sock; | 1254 | struct socket *sock = transport->sock; |
| 1254 | struct sock *sk = transport->inet; | 1255 | struct sock *sk = transport->inet; |
| 1255 | struct rpc_xprt *xprt = &transport->xprt; | 1256 | struct rpc_xprt *xprt = &transport->xprt; |
| 1257 | struct file *filp = transport->file; | ||
| 1256 | 1258 | ||
| 1257 | if (sk == NULL) | 1259 | if (sk == NULL) |
| 1258 | return; | 1260 | return; |
| @@ -1266,6 +1268,7 @@ static void xs_reset_transport(struct sock_xprt *transport) | |||
| 1266 | write_lock_bh(&sk->sk_callback_lock); | 1268 | write_lock_bh(&sk->sk_callback_lock); |
| 1267 | transport->inet = NULL; | 1269 | transport->inet = NULL; |
| 1268 | transport->sock = NULL; | 1270 | transport->sock = NULL; |
| 1271 | transport->file = NULL; | ||
| 1269 | 1272 | ||
| 1270 | sk->sk_user_data = NULL; | 1273 | sk->sk_user_data = NULL; |
| 1271 | 1274 | ||
| @@ -1278,7 +1281,7 @@ static void xs_reset_transport(struct sock_xprt *transport) | |||
| 1278 | mutex_unlock(&transport->recv_mutex); | 1281 | mutex_unlock(&transport->recv_mutex); |
| 1279 | 1282 | ||
| 1280 | trace_rpc_socket_close(xprt, sock); | 1283 | trace_rpc_socket_close(xprt, sock); |
| 1281 | sock_release(sock); | 1284 | fput(filp); |
| 1282 | 1285 | ||
| 1283 | xprt_disconnect_done(xprt); | 1286 | xprt_disconnect_done(xprt); |
| 1284 | } | 1287 | } |
| @@ -1873,6 +1876,7 @@ static struct socket *xs_create_sock(struct rpc_xprt *xprt, | |||
| 1873 | struct sock_xprt *transport, int family, int type, | 1876 | struct sock_xprt *transport, int family, int type, |
| 1874 | int protocol, bool reuseport) | 1877 | int protocol, bool reuseport) |
| 1875 | { | 1878 | { |
| 1879 | struct file *filp; | ||
| 1876 | struct socket *sock; | 1880 | struct socket *sock; |
| 1877 | int err; | 1881 | int err; |
| 1878 | 1882 | ||
| @@ -1893,6 +1897,11 @@ static struct socket *xs_create_sock(struct rpc_xprt *xprt, | |||
| 1893 | goto out; | 1897 | goto out; |
| 1894 | } | 1898 | } |
| 1895 | 1899 | ||
| 1900 | filp = sock_alloc_file(sock, O_NONBLOCK, NULL); | ||
| 1901 | if (IS_ERR(filp)) | ||
| 1902 | return ERR_CAST(filp); | ||
| 1903 | transport->file = filp; | ||
| 1904 | |||
| 1896 | return sock; | 1905 | return sock; |
| 1897 | out: | 1906 | out: |
| 1898 | return ERR_PTR(err); | 1907 | return ERR_PTR(err); |
| @@ -1938,6 +1947,7 @@ static int xs_local_finish_connecting(struct rpc_xprt *xprt, | |||
| 1938 | static int xs_local_setup_socket(struct sock_xprt *transport) | 1947 | static int xs_local_setup_socket(struct sock_xprt *transport) |
| 1939 | { | 1948 | { |
| 1940 | struct rpc_xprt *xprt = &transport->xprt; | 1949 | struct rpc_xprt *xprt = &transport->xprt; |
| 1950 | struct file *filp; | ||
| 1941 | struct socket *sock; | 1951 | struct socket *sock; |
| 1942 | int status = -EIO; | 1952 | int status = -EIO; |
| 1943 | 1953 | ||
| @@ -1950,6 +1960,13 @@ static int xs_local_setup_socket(struct sock_xprt *transport) | |||
| 1950 | } | 1960 | } |
| 1951 | xs_reclassify_socket(AF_LOCAL, sock); | 1961 | xs_reclassify_socket(AF_LOCAL, sock); |
| 1952 | 1962 | ||
| 1963 | filp = sock_alloc_file(sock, O_NONBLOCK, NULL); | ||
| 1964 | if (IS_ERR(filp)) { | ||
| 1965 | status = PTR_ERR(filp); | ||
| 1966 | goto out; | ||
| 1967 | } | ||
| 1968 | transport->file = filp; | ||
| 1969 | |||
| 1953 | dprintk("RPC: worker connecting xprt %p via AF_LOCAL to %s\n", | 1970 | dprintk("RPC: worker connecting xprt %p via AF_LOCAL to %s\n", |
| 1954 | xprt, xprt->address_strings[RPC_DISPLAY_ADDR]); | 1971 | xprt, xprt->address_strings[RPC_DISPLAY_ADDR]); |
| 1955 | 1972 | ||