authorLuis Henriques <lhenriques@suse.com>2019-02-18 15:52:10 +0000
committerLuis Henriques <lhenriques@suse.com>2019-02-18 15:52:14 +0000
commit7dff7755ad35f1f80248df5bbd2ec8dcdbc489f6 (patch)
tree2032c35d5effe5eb32834046538b82ad50b654e1
parent3ea90154cb0f2ba95a602716d8e56a72b727c96a (diff)
libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
(bsc#1125810).
-rw-r--r--patches.fixes/libceph-avoid-keepalive_pending-races-in-ceph_con_keepalive.patch57
-rw-r--r--series.conf1
2 files changed, 58 insertions, 0 deletions
diff --git a/patches.fixes/libceph-avoid-keepalive_pending-races-in-ceph_con_keepalive.patch b/patches.fixes/libceph-avoid-keepalive_pending-races-in-ceph_con_keepalive.patch
new file mode 100644
index 0000000000..d0b84ee127
--- /dev/null
+++ b/patches.fixes/libceph-avoid-keepalive_pending-races-in-ceph_con_keepalive.patch
@@ -0,0 +1,57 @@
+From: Ilya Dryomov <idryomov@gmail.com>
+Date: Mon, 14 Jan 2019 21:13:10 +0100
+Subject: libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
+Git-commit: 4aac9228d16458cedcfd90c7fb37211cf3653ac3
+Patch-mainline: v5.0-rc4
+References: bsc#1125810
+
+con_fault() can transition the connection into STANDBY right after
+ceph_con_keepalive() clears STANDBY in clear_standby():
+
+ libceph user thread ceph-msgr worker
+
+ceph_con_keepalive()
+ mutex_lock(&con->mutex)
+ clear_standby(con)
+ mutex_unlock(&con->mutex)
+ mutex_lock(&con->mutex)
+ con_fault()
+ ...
+ if KEEPALIVE_PENDING isn't set
+ set state to STANDBY
+ ...
+ mutex_unlock(&con->mutex)
+ set KEEPALIVE_PENDING
+ set WRITE_PENDING
+
+This triggers warnings in clear_standby() when either ceph_con_send()
+or ceph_con_keepalive() get to clearing STANDBY next time.
+
+I don't see a reason to condition queue_con() call on the previous
+value of KEEPALIVE_PENDING, so move the setting of KEEPALIVE_PENDING
+into the critical section -- unlike WRITE_PENDING, KEEPALIVE_PENDING
+could have been a non-atomic flag.
+
+Reported-by: syzbot+acdeb633f6211ccdf886@syzkaller.appspotmail.com
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Tested-by: Myungho Jung <mhjungk@gmail.com>
+Acked-by: Luis Henriques <lhenriques@suse.com>
+---
+ net/ceph/messenger.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/net/ceph/messenger.c
++++ b/net/ceph/messenger.c
+@@ -3208,9 +3208,10 @@ void ceph_con_keepalive(struct ceph_conn
+ dout("con_keepalive %p\n", con);
+ mutex_lock(&con->mutex);
+ clear_standby(con);
++ con_flag_set(con, CON_FLAG_KEEPALIVE_PENDING);
+ mutex_unlock(&con->mutex);
+- if (con_flag_test_and_set(con, CON_FLAG_KEEPALIVE_PENDING) == 0 &&
+- con_flag_test_and_set(con, CON_FLAG_WRITE_PENDING) == 0)
++
++ if (con_flag_test_and_set(con, CON_FLAG_WRITE_PENDING) == 0)
+ queue_con(con);
+ }
+ EXPORT_SYMBOL(ceph_con_keepalive);
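Review bot: The added `con_flag_set(con, CON_FLAG_KEEPALIVE_PENDING);` line in ceph_con_keepalive() has no comment saying that its position inside the con->mutex critical section is what closes the race, so a later cleanup could move it back next to the WRITE_PENDING test-and-set. Going by the commit message, con_fault() decides whether to enter STANDBY under the same mutex based on this flag. I would add a comment above the line such as `/* set under con->mutex so con_fault() cannot move the connection to STANDBY before the flag is visible */`. The function starts before the hunk, so how clear_standby() and the other users of the flag behave is not visible here.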
diff --git a/series.conf b/series.conf
index 9c54414a1c..db7adc2a0f 100644
--- a/series.conf
+++ b/series.conf
@@ -24250,6 +24250,7 @@
patches.fixes/rbd-don-t-return-0-on-unmap-if-rbd_dev_flag_removing-is-set.patch
patches.suse/tty-Don-t-hold-ldisc-lock-in-tty_reopen-if-ldisc-pre.patch
patches.fixes/ceph-clear-inode-pointer-when-snap-realm-gets-dropped-by-its-inode.patch
+ patches.fixes/libceph-avoid-keepalive_pending-races-in-ceph_con_keepalive.patch
patches.drivers/ibmveth-Do-not-process-frames-after-calling-napi_res.patch
patches.fixes/acpi-nfit-block-function-zero-dsms.patch
patches.fixes/acpi-nfit-fix-command-supported-detection.patch