diff options
author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2011-07-06 19:58:23 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2011-07-07 20:45:37 -0400 |
commit | b55c59892e1f3b6c7d4b9ccffb4263e1486fb990 (patch) | |
tree | 1fbcb0cd1febf70dc6ae6ded0e3b98ae738c1ef8 /net/sunrpc | |
parent | 2bea038c52e88badbbd5b420c1de918f7f2579e9 (diff) |
SUNRPC: Fix a race between work-queue and rpc_killall_tasks
Since rpc_killall_tasks may modify the rpc_task's tk_action field
without any locking, we need to be careful when dereferencing it.
Reported-by: Ben Greear <greearb@candelatech.com>
Tested-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: stable@kernel.org
Diffstat (limited to 'net/sunrpc')
-rw-r--r-- | net/sunrpc/sched.c | 27 |
1 files changed, 11 insertions, 16 deletions
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c index a27406b1654f..4814e246a874 100644 --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c | |||
@@ -616,30 +616,25 @@ static void __rpc_execute(struct rpc_task *task) | |||
616 | BUG_ON(RPC_IS_QUEUED(task)); | 616 | BUG_ON(RPC_IS_QUEUED(task)); |
617 | 617 | ||
618 | for (;;) { | 618 | for (;;) { |
619 | void (*do_action)(struct rpc_task *); | ||
619 | 620 | ||
620 | /* | 621 | /* |
621 | * Execute any pending callback. | 622 | * Execute any pending callback first. |
622 | */ | 623 | */ |
623 | if (task->tk_callback) { | 624 | do_action = task->tk_callback; |
624 | void (*save_callback)(struct rpc_task *); | 625 | task->tk_callback = NULL; |
625 | 626 | if (do_action == NULL) { | |
626 | /* | ||
627 | * We set tk_callback to NULL before calling it, | ||
628 | * in case it sets the tk_callback field itself: | ||
629 | */ | ||
630 | save_callback = task->tk_callback; | ||
631 | task->tk_callback = NULL; | ||
632 | save_callback(task); | ||
633 | } else { | ||
634 | /* | 627 | /* |
635 | * Perform the next FSM step. | 628 | * Perform the next FSM step. |
636 | * tk_action may be NULL when the task has been killed | 629 | * tk_action may be NULL if the task has been killed. |
637 | * by someone else. | 630 | * In particular, note that rpc_killall_tasks may |
631 | * do this at any time, so beware when dereferencing. | ||
638 | */ | 632 | */ |
639 | if (task->tk_action == NULL) | 633 | do_action = task->tk_action; |
634 | if (do_action == NULL) | ||
640 | break; | 635 | break; |
641 | task->tk_action(task); | ||
642 | } | 636 | } |
637 | do_action(task); | ||
643 | 638 | ||
644 | /* | 639 | /* |
645 | * Lockless check for whether task is sleeping or not. | 640 | * Lockless check for whether task is sleeping or not. |