[ 028/128] SUNRPC: Ensure we release the socket write lock if the rpc_taskexits early

From: Ben Hutchings
Date: Sun Feb 03 2013 - 10:18:40 EST

Next message: Ben Hutchings: "[ 034/128] tcm_fc: Do not report target role when target is not defined"
Previous message: Ben Hutchings: "Re: [ 058/128] ARM: 7628/1: head.S: map one extra section for theATAG/DTB area"
In reply to: Ben Hutchings: "[ 039/128] USB: option: add Nexpring NP10T terminal id"
Next in thread: Ben Hutchings: "[ 034/128] tcm_fc: Do not report target role when target is not defined"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.2-stable review patch. If anyone has any objections, please let me know.

------------------

From: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx>

commit 87ed50036b866db2ec2ba16b2a7aec4a2b0b7c39 upstream.

If the rpc_task exits while holding the socket write lock before it has
allocated an rpc slot, then the usual mechanism for releasing the write
lock in xprt_release() is defeated.

The problem occurs if the call to xprt_lock_write() initially fails, so
that the rpc_task is put on the xprt->sending wait queue. If the task
exits after being assigned the lock by __xprt_lock_write_func, but
before it has retried the call to xprt_lock_and_alloc_slot(), then
it calls xprt_release() while holding the write lock, but will
immediately exit due to the test for task->tk_rqstp != NULL.

Reported-by: Chris Perl <chris.perl@xxxxxxxxx>
Signed-off-by: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx>
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
net/sunrpc/sched.c | 3 +--
net/sunrpc/xprt.c | 12 ++++++++++--
2 files changed, 11 insertions(+), 4 deletions(-)

--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
@@ -918,8 +918,7 @@ static void rpc_async_release(struct wor

static void rpc_release_resources_task(struct rpc_task *task)
{
- if (task->tk_rqstp)
- xprt_release(task);
+ xprt_release(task);
if (task->tk_msg.rpc_cred) {
put_rpccred(task->tk_msg.rpc_cred);
task->tk_msg.rpc_cred = NULL;
--- a/net/sunrpc/xprt.c
+++ b/net/sunrpc/xprt.c
@@ -1132,10 +1132,18 @@ static void xprt_request_init(struct rpc
void xprt_release(struct rpc_task *task)
{
struct rpc_xprt *xprt;
- struct rpc_rqst *req;
+ struct rpc_rqst *req = task->tk_rqstp;

- if (!(req = task->tk_rqstp))
+ if (req == NULL) {
+ if (task->tk_client) {
+ rcu_read_lock();
+ xprt = rcu_dereference(task->tk_client->cl_xprt);
+ if (xprt->snd_task == task)
+ xprt_release_write(xprt, task);
+ rcu_read_unlock();
+ }
return;
+ }

xprt = req->rq_xprt;
rpc_count_iostats(task);

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ben Hutchings: "[ 034/128] tcm_fc: Do not report target role when target is not defined"
Previous message: Ben Hutchings: "Re: [ 058/128] ARM: 7628/1: head.S: map one extra section for theATAG/DTB area"
In reply to: Ben Hutchings: "[ 039/128] USB: option: add Nexpring NP10T terminal id"
Next in thread: Ben Hutchings: "[ 034/128] tcm_fc: Do not report target role when target is not defined"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]