diff options
| author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2013-01-07 14:30:46 -0500 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2013-01-08 14:30:43 -0500 |
| commit | 87ed50036b866db2ec2ba16b2a7aec4a2b0b7c39 (patch) | |
| tree | 8bd92625c340176d92ab0b77c0617bffd20a97eb /net/sunrpc | |
| parent | d287b8750e47c1702dab0e37ac11012bb751ece0 (diff) | |
SUNRPC: Ensure we release the socket write lock if the rpc_task exits early
If the rpc_task exits while holding the socket write lock before it has
allocated an rpc slot, then the usual mechanism for releasing the write
lock in xprt_release() is defeated.
The problem occurs if the call to xprt_lock_write() initially fails, so
that the rpc_task is put on the xprt->sending wait queue. If the task
exits after being assigned the lock by __xprt_lock_write_func, but
before it has retried the call to xprt_lock_and_alloc_slot(), then
it calls xprt_release() while holding the write lock, but will
immediately exit due to the test for task->tk_rqstp != NULL.
Reported-by: Chris Perl <chris.perl@gmail.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: stable@vger.kernel.org [>= 3.1]
Diffstat (limited to 'net/sunrpc')
| -rw-r--r-- | net/sunrpc/sched.c | 3 | ||||
| -rw-r--r-- | net/sunrpc/xprt.c | 12 |
2 files changed, 11 insertions, 4 deletions
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c index b4133bd13915..bfa31714581f 100644 --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c | |||
| @@ -972,8 +972,7 @@ static void rpc_async_release(struct work_struct *work) | |||
| 972 | 972 | ||
| 973 | static void rpc_release_resources_task(struct rpc_task *task) | 973 | static void rpc_release_resources_task(struct rpc_task *task) |
| 974 | { | 974 | { |
| 975 | if (task->tk_rqstp) | 975 | xprt_release(task); |
| 976 | xprt_release(task); | ||
| 977 | if (task->tk_msg.rpc_cred) { | 976 | if (task->tk_msg.rpc_cred) { |
| 978 | put_rpccred(task->tk_msg.rpc_cred); | 977 | put_rpccred(task->tk_msg.rpc_cred); |
| 979 | task->tk_msg.rpc_cred = NULL; | 978 | task->tk_msg.rpc_cred = NULL; |
diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c index bd462a532acf..33811db8788a 100644 --- a/net/sunrpc/xprt.c +++ b/net/sunrpc/xprt.c | |||
| @@ -1136,10 +1136,18 @@ static void xprt_request_init(struct rpc_task *task, struct rpc_xprt *xprt) | |||
| 1136 | void xprt_release(struct rpc_task *task) | 1136 | void xprt_release(struct rpc_task *task) |
| 1137 | { | 1137 | { |
| 1138 | struct rpc_xprt *xprt; | 1138 | struct rpc_xprt *xprt; |
| 1139 | struct rpc_rqst *req; | 1139 | struct rpc_rqst *req = task->tk_rqstp; |
| 1140 | 1140 | ||
| 1141 | if (!(req = task->tk_rqstp)) | 1141 | if (req == NULL) { |
| 1142 | if (task->tk_client) { | ||
| 1143 | rcu_read_lock(); | ||
| 1144 | xprt = rcu_dereference(task->tk_client->cl_xprt); | ||
| 1145 | if (xprt->snd_task == task) | ||
| 1146 | xprt_release_write(xprt, task); | ||
| 1147 | rcu_read_unlock(); | ||
| 1148 | } | ||
| 1142 | return; | 1149 | return; |
| 1150 | } | ||
| 1143 | 1151 | ||
| 1144 | xprt = req->rq_xprt; | 1152 | xprt = req->rq_xprt; |
| 1145 | if (task->tk_ops->rpc_count_stats != NULL) | 1153 | if (task->tk_ops->rpc_count_stats != NULL) |