]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
3.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 2 May 2016 23:56:22 +0000 (16:56 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 2 May 2016 23:56:22 +0000 (16:56 -0700)
added patches:
sunrpc-cache-drop-reference-when-sunrpc_cache_pipe_upcall-detects-a-race.patch

queue-3.14/series
queue-3.14/sunrpc-cache-drop-reference-when-sunrpc_cache_pipe_upcall-detects-a-race.patch [new file with mode: 0644]

index 52d041496f2543148b671c4c0fcbe46d25981d35..f1db51eb95e48502a92ab7c37abe6e5eecca9637 100644 (file)
@@ -34,3 +34,4 @@ arm-omap3-add-cpuidle-parameters-table-for-omap3430.patch
 bus-imx-weim-take-the-status-property-value-into-account.patch
 jme-do-not-enable-nic-wol-functions-on-s0.patch
 jme-fix-device-pm-wakeup-api-usage.patch
+sunrpc-cache-drop-reference-when-sunrpc_cache_pipe_upcall-detects-a-race.patch
diff --git a/queue-3.14/sunrpc-cache-drop-reference-when-sunrpc_cache_pipe_upcall-detects-a-race.patch b/queue-3.14/sunrpc-cache-drop-reference-when-sunrpc_cache_pipe_upcall-detects-a-race.patch
new file mode 100644 (file)
index 0000000..3820959
--- /dev/null
@@ -0,0 +1,45 @@
+From a6ab1e8126d205238defbb55d23661a3a5c6a0d8 Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.com>
+Date: Fri, 4 Mar 2016 17:20:13 +1100
+Subject: sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a race
+
+From: NeilBrown <neilb@suse.com>
+
+commit a6ab1e8126d205238defbb55d23661a3a5c6a0d8 upstream.
+
+sunrpc_cache_pipe_upcall() can detect a race if CACHE_PENDING is no longer
+set.  In this case it aborts the queuing of the upcall.
+However it has already taken a new counted reference on "h" and
+doesn't "put" it, even though it frees the data structure holding the reference.
+
+So let's delay the "cache_get" until we know we need it.
+
+Fixes: f9e1aedc6c79 ("sunrpc/cache: remove races with queuing an upcall.")
+Signed-off-by: NeilBrown <neilb@suse.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/sunrpc/cache.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/net/sunrpc/cache.c
++++ b/net/sunrpc/cache.c
+@@ -1187,14 +1187,14 @@ int sunrpc_cache_pipe_upcall(struct cach
+       }
+       crq->q.reader = 0;
+-      crq->item = cache_get(h);
+       crq->buf = buf;
+       crq->len = 0;
+       crq->readers = 0;
+       spin_lock(&queue_lock);
+-      if (test_bit(CACHE_PENDING, &h->flags))
++      if (test_bit(CACHE_PENDING, &h->flags)) {
++              crq->item = cache_get(h);
+               list_add_tail(&crq->q.list, &detail->queue);
+-      else
++      } else
+               /* Lost a race, no longer PENDING, so don't enqueue */
+               ret = -EAGAIN;
+       spin_unlock(&queue_lock);