Commit 88d6d79b authored by Trond Myklebust, committed by Ben Hutchings

SUNRPC: Ensure we release the socket write lock if the rpc_task exits early

commit 87ed5003 upstream.

If the rpc_task exits while holding the socket write lock before it has
allocated an rpc slot, then the usual mechanism for releasing the write
lock in xprt_release() is defeated.

The problem occurs if the call to xprt_lock_write() initially fails, so
that the rpc_task is put on the xprt->sending wait queue. If the task
exits after being assigned the lock by __xprt_lock_write_func, but
before it has retried the call to xprt_lock_and_alloc_slot(), then
it calls xprt_release() while holding the write lock, but will
immediately exit due to the test for task->tk_rqstp != NULL.
Reported-by: Chris Perl <chris.perl@gmail.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
parent 96908901
...@@ -918,7 +918,6 @@ static void rpc_async_release(struct work_struct *work) ...@@ -918,7 +918,6 @@ static void rpc_async_release(struct work_struct *work)
static void rpc_release_resources_task(struct rpc_task *task) static void rpc_release_resources_task(struct rpc_task *task)
{ {
if (task->tk_rqstp)
xprt_release(task); xprt_release(task);
if (task->tk_msg.rpc_cred) { if (task->tk_msg.rpc_cred) {
put_rpccred(task->tk_msg.rpc_cred); put_rpccred(task->tk_msg.rpc_cred);
......
...@@ -1132,10 +1132,18 @@ static void xprt_request_init(struct rpc_task *task, struct rpc_xprt *xprt) ...@@ -1132,10 +1132,18 @@ static void xprt_request_init(struct rpc_task *task, struct rpc_xprt *xprt)
void xprt_release(struct rpc_task *task) void xprt_release(struct rpc_task *task)
{ {
struct rpc_xprt *xprt; struct rpc_xprt *xprt;
struct rpc_rqst *req; struct rpc_rqst *req = task->tk_rqstp;
if (!(req = task->tk_rqstp)) if (req == NULL) {
if (task->tk_client) {
rcu_read_lock();
xprt = rcu_dereference(task->tk_client->cl_xprt);
if (xprt->snd_task == task)
xprt_release_write(xprt, task);
rcu_read_unlock();
}
return; return;
}
xprt = req->rq_xprt; xprt = req->rq_xprt;
rpc_count_iostats(task); rpc_count_iostats(task);
......
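Review bot: The new `req == NULL` branch in xprt_release() has no comment explaining why a task that never got a request slot can still own the transport write lock, which is the only reason the branch exists. I would add above `if (task->tk_client) {` a comment such as `/* No slot allocated, but the task may have been handed the write lock while queued on xprt->sending; release it here or the transport stays locked. */`. The `xprt->snd_task == task` test is made without any lock visible in this hunk, and the result of `rcu_dereference()` is used without a NULL check. Both look intentional (presumably only the owning task can match, and a client always has a transport), but that should be confirmed against xprt_release_write() and the client setup code, which are not shown here. The body of xprt_release() continues past the end of the hunk.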