Commit 277f68db authored by NeilBrown, committed by J. Bruce Fields

sunrpc: fix race in new cache_wait code.

If we set up to wait for a cache item to be filled in, and then find
that it is no longer pending, it could be that some other thread is
in 'cache_revisit_request' and has moved our request to its 'pending' list.
So when our setup_deferral calls cache_revisit_request it will find nothing to
put on the pending list, and do nothing.

We then return from cache_wait_req, thus leaving the 'sleeper'
on-stack structure open to being corrupted by subsequent stack usage.

However that 'sleeper' could still be on the 'pending' list that the
other thread is looking at and so any corruption could cause it to behave badly.

To avoid this race we simply take the same path as if the
'wait_for_completion_interruptible_timeout' was interrupted and if the
sleeper is no longer on the list (which it won't be) we wait on the
completion - which will ensure that any other cache_revisit_request
will have let go of the sleeper.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
parent 14ec63c3
...@@ -578,10 +578,9 @@ static int cache_wait_req(struct cache_req *req, struct cache_head *item) ...@@ -578,10 +578,9 @@ static int cache_wait_req(struct cache_req *req, struct cache_head *item)
dreq->revisit = cache_restart_thread; dreq->revisit = cache_restart_thread;
ret = setup_deferral(dreq, item); ret = setup_deferral(dreq, item);
if (ret)
return ret;
if (wait_for_completion_interruptible_timeout( if (ret ||
wait_for_completion_interruptible_timeout(
&sleeper.completion, req->thread_wait) <= 0) { &sleeper.completion, req->thread_wait) <= 0) {
/* The completion wasn't completed, so we need /* The completion wasn't completed, so we need
* to clean up * to clean up
......
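
Review bot: The comment inside the branch ("The completion wasn't completed, so we need to clean up") no longer covers the new `ret ||` case in the condition, where the wait is skipped entirely because setup_deferral returned non-zero. Suggest extending the comment to say that a non-zero ret also lands here, so that the sleeper is checked against the pending list and, if another thread's cache_revisit_request has already taken it, the completion is waited on before the on-stack sleeper goes out of scope. The removed `return ret;` also means the setup_deferral result is no longer returned directly; the rest of the branch is not visible in this hunk, so it is worth confirming that the function's return value on this path is still what callers expect.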