Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 87ed5003 authored by Trond Myklebust's avatar Trond Myklebust
Browse files

SUNRPC: Ensure we release the socket write lock if the rpc_task exits early 



If the rpc_task exits while holding the socket write lock before it has
allocated an rpc slot, then the usual mechanism for releasing the write
lock in xprt_release() is defeated.

The problem occurs if the call to xprt_lock_write() initially fails, so
that the rpc_task is put on the xprt->sending wait queue. If the task
exits after being assigned the lock by __xprt_lock_write_func, but
before it has retried the call to xprt_lock_and_alloc_slot(), then
it calls xprt_release() while holding the write lock, but will
immediately exit due to the test for task->tk_rqstp != NULL.

Reported-by: default avatarChris Perl <chris.perl@gmail.com>
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
Cc: stable@vger.kernel.org [>= 3.1]
parent d287b875

net/sunrpc/sched.c

+1 −2
Original line number Original line Diff line number Diff line
@@ -972,7 +972,6 @@ static void rpc_async_release(struct work_struct *work) 




static void rpc_release_resources_task(struct rpc_task *task)

static void rpc_release_resources_task(struct rpc_task *task)

{

{

	if (task->tk_rqstp)

	xprt_release(task);

	xprt_release(task);

	if (task->tk_msg.rpc_cred) {

	if (task->tk_msg.rpc_cred) {

		put_rpccred(task->tk_msg.rpc_cred);

		put_rpccred(task->tk_msg.rpc_cred);

net/sunrpc/xprt.c

+10 −2
Original line number Original line Diff line number Diff line
@@ -1136,10 +1136,18 @@ static void xprt_request_init(struct rpc_task *task, struct rpc_xprt *xprt) 
void xprt_release(struct rpc_task *task)

void xprt_release(struct rpc_task *task)

{

{

	struct rpc_xprt	*xprt;

	struct rpc_xprt	*xprt;

	struct rpc_rqst	*req;

	struct rpc_rqst	*req = task->tk_rqstp;





	if (!(req = task->tk_rqstp))

	if (req == NULL) {

		if (task->tk_client) {

			rcu_read_lock();

			xprt = rcu_dereference(task->tk_client->cl_xprt);

			if (xprt->snd_task == task)

				xprt_release_write(xprt, task);

			rcu_read_unlock();

		}

		return;

		return;

	}





	xprt = req->rq_xprt;

	xprt = req->rq_xprt;

	if (task->tk_ops->rpc_count_stats != NULL)

	if (task->tk_ops->rpc_count_stats != NULL)