aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimon Derr <simon.derr@bull.net>2012-09-17 09:16:28 -0400
committerEric Van Hensbergen <ericvh@gmail.com>2012-09-17 15:54:11 -0400
commit0462194d358c2e040282d4d1a4fd1aab84417e42 (patch)
treeb89845ce0e5bccbbf681b12e07cc4d4c72105c2c
parente549c1337133e85a6d6bc868d2d141a61a80975c (diff)
9P: Fix race in p9_read_work()
Race scenario between p9_read_work() and p9_poll_mux() Data arrive, Rworksched is set, p9_read_work() is called. thread A thread B p9_read_work() . reads data . checks if new data ready. No. . gets preempted . More data arrive, p9_poll_mux() is called. . . . p9_poll_mux() . . if (!test_and_set_bit(Rworksched, . &m->wsched)) { . schedule_work(&m->rq); . } . . -> does not schedule work because . Rworksched is set . . clear_bit(Rworksched, &m->wsched); return; No work has been scheduled, and yet data are waiting. Currently p9_read_work() checks if there is data to read, and if not, it clears Rworksched. I think it should clear Rworksched first, and then check if there is data to read. Signed-off-by: Simon Derr <simon.derr@bull.net> Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
-rw-r--r--net/9p/trans_fd.c14
1 files changed, 7 insertions, 7 deletions
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index 6449bae15702..de1bbad0c7de 100644
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -316,8 +316,7 @@ static void p9_read_work(struct work_struct *work)
316 m->rsize - m->rpos); 316 m->rsize - m->rpos);
317 p9_debug(P9_DEBUG_TRANS, "mux %p got %d bytes\n", m, err); 317 p9_debug(P9_DEBUG_TRANS, "mux %p got %d bytes\n", m, err);
318 if (err == -EAGAIN) { 318 if (err == -EAGAIN) {
319 clear_bit(Rworksched, &m->wsched); 319 goto end_clear;
320 return;
321 } 320 }
322 321
323 if (err <= 0) 322 if (err <= 0)
@@ -379,19 +378,20 @@ static void p9_read_work(struct work_struct *work)
379 m->req = NULL; 378 m->req = NULL;
380 } 379 }
381 380
381end_clear:
382 clear_bit(Rworksched, &m->wsched);
383
382 if (!list_empty(&m->req_list)) { 384 if (!list_empty(&m->req_list)) {
383 if (test_and_clear_bit(Rpending, &m->wsched)) 385 if (test_and_clear_bit(Rpending, &m->wsched))
384 n = POLLIN; 386 n = POLLIN;
385 else 387 else
386 n = p9_fd_poll(m->client, NULL); 388 n = p9_fd_poll(m->client, NULL);
387 389
388 if (n & POLLIN) { 390 if ((n & POLLIN) && !test_and_set_bit(Rworksched, &m->wsched)) {
389 p9_debug(P9_DEBUG_TRANS, "sched read work %p\n", m); 391 p9_debug(P9_DEBUG_TRANS, "sched read work %p\n", m);
390 schedule_work(&m->rq); 392 schedule_work(&m->rq);
391 } else 393 }
392 clear_bit(Rworksched, &m->wsched); 394 }
393 } else
394 clear_bit(Rworksched, &m->wsched);
395 395
396 return; 396 return;
397error: 397error: