首页 发现 帮助
登录
GfA
/
linux_kernel
5
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

Merge branch 'rds-net'

Herton R. Krzesinski says:

====================
Small fixes/changes for RDS

I got a report of one issue within RDS (after investigation it was a double
free), and I'm sending the fix (patch 3/3) which reporter said it works (no more
WARNING triggered on a specially instrumented kernel). The report/test was done
on a very old kernel (RHEL 5, 2.6.18 based with backports), but the problem the
patch handles still exists and should not change. Besides that, while
reviewing some of the code but being unable to reproduce with rds_tcp, I
noticed two small improvements/fixes which are in patches 1 and 2.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller 11 年之前
父节点
ee042ec880 593cbb3ec6
当前提交
fba7516303
共有 3 个文件被更改,包括 12 次插入7 次删除
分列视图 显示文件统计
  1. 7 4
      net/rds/send.c
  2. 4 1
      net/rds/tcp_connect.c
  3. 1 2
      net/rds/threads.c

+ 7 - 4
net/rds/send.c
查看文件 

@@ -593,8 +593,11 @@ static void rds_send_remove_from_sock(struct list_head *messages, int status)
 
 				sock_put(rds_rs_to_sk(rs));
 
 			}
 
 			rs = rm->m_rs;
 
-			sock_hold(rds_rs_to_sk(rs));
 
+			if (rs)
 
+				sock_hold(rds_rs_to_sk(rs));
 
 		}
 
+		if (!rs)
 
+			goto unlock_and_drop;
 
 		spin_lock(&rs->rs_lock);
 
 
 		if (test_and_clear_bit(RDS_MSG_ON_SOCK, &rm->m_flags)) {
 
@@ -638,9 +641,6 @@ unlock_and_drop:
 
  * queue. This means that in the TCP case, the message may not have been
 
  * assigned the m_ack_seq yet - but that's fine as long as tcp_is_acked
 
  * checks the RDS_MSG_HAS_ACK_SEQ bit.
 
- *
 
- * XXX It's not clear to me how this is safely serialized with socket
 
- * destruction.  Maybe it should bail if it sees SOCK_DEAD.
 
  */
 
 void rds_send_drop_acked(struct rds_connection *conn, u64 ack,
 
 			 is_acked_func is_acked)
 
@@ -711,6 +711,9 @@ void rds_send_drop_to(struct rds_sock *rs, struct sockaddr_in *dest)
 
 		 */
 
 		if (!test_and_clear_bit(RDS_MSG_ON_CONN, &rm->m_flags)) {
 
 			spin_unlock_irqrestore(&conn->c_lock, flags);
 
+			spin_lock_irqsave(&rm->m_rs_lock, flags);
 
+			rm->m_rs = NULL;
 
+			spin_unlock_irqrestore(&rm->m_rs_lock, flags);
 
 			continue;
 
 		}
 
 		list_del_init(&rm->m_conn_item);

+ 4 - 1
net/rds/tcp_connect.c
查看文件 

@@ -106,11 +106,14 @@ int rds_tcp_conn_connect(struct rds_connection *conn)
 
 	rds_tcp_set_callbacks(sock, conn);
 
 	ret = sock->ops->connect(sock, (struct sockaddr *)&dest, sizeof(dest),
 
 				 O_NONBLOCK);
 
-	sock = NULL;
 
 
 	rdsdebug("connect to address %pI4 returned %d\n", &conn->c_faddr, ret);
 
 	if (ret == -EINPROGRESS)
 
 		ret = 0;
 
+	if (ret == 0)
 
+		sock = NULL;
 
+	else
 
+		rds_tcp_restore_callbacks(sock, conn->c_transport_data);
 
 
 out:
 
 	if (sock)

+ 1 - 2
net/rds/threads.c
查看文件 

@@ -78,8 +78,7 @@ void rds_connect_complete(struct rds_connection *conn)
 
 				"current state is %d\n",
 
 				__func__,
 
 				atomic_read(&conn->c_state));
 
-		atomic_set(&conn->c_state, RDS_CONN_ERROR);
 
-		queue_work(rds_wq, &conn->c_down_w);
 
+		rds_conn_drop(conn);
 
 		return;
 
 	}