authorJiri Slaby <jslaby@suse.cz>2019-02-15 10:23:48 +0100
committerJiri Slaby <jslaby@suse.cz>2019-02-15 10:24:16 +0100
commit17417cca092024db5bcc098b54625c0ba75b1115 (patch)
tree8dc93ab7b7c40a16f71b6e0d5cd12f64a6216e22
parent2e826657dc5cc2a0e33b86eb31b23e1e728b6931 (diff)
libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
-rw-r--r--patches.kernel.org/4.20.9-047-libceph-avoid-KEEPALIVE_PENDING-races-in-ceph_.patch66
-rw-r--r--series.conf1
2 files changed, 67 insertions, 0 deletions
diff --git a/patches.kernel.org/4.20.9-047-libceph-avoid-KEEPALIVE_PENDING-races-in-ceph_.patch b/patches.kernel.org/4.20.9-047-libceph-avoid-KEEPALIVE_PENDING-races-in-ceph_.patch
new file mode 100644
index 0000000000..907c01e62c
--- /dev/null
+++ b/patches.kernel.org/4.20.9-047-libceph-avoid-KEEPALIVE_PENDING-races-in-ceph_.patch
@@ -0,0 +1,66 @@
+From: Ilya Dryomov <idryomov@gmail.com>
+Date: Mon, 14 Jan 2019 21:13:10 +0100
+Subject: [PATCH] libceph: avoid KEEPALIVE_PENDING races in
+ ceph_con_keepalive()
+References: bnc#1012628
+Patch-mainline: 4.20.9
+Git-commit: 4aac9228d16458cedcfd90c7fb37211cf3653ac3
+
+commit 4aac9228d16458cedcfd90c7fb37211cf3653ac3 upstream.
+
+con_fault() can transition the connection into STANDBY right after
+ceph_con_keepalive() clears STANDBY in clear_standby():
+
+ libceph user thread ceph-msgr worker
+
+ceph_con_keepalive()
+ mutex_lock(&con->mutex)
+ clear_standby(con)
+ mutex_unlock(&con->mutex)
+ mutex_lock(&con->mutex)
+ con_fault()
+ ...
+ if KEEPALIVE_PENDING isn't set
+ set state to STANDBY
+ ...
+ mutex_unlock(&con->mutex)
+ set KEEPALIVE_PENDING
+ set WRITE_PENDING
+
+This triggers warnings in clear_standby() when either ceph_con_send()
+or ceph_con_keepalive() get to clearing STANDBY next time.
+
+I don't see a reason to condition queue_con() call on the previous
+value of KEEPALIVE_PENDING, so move the setting of KEEPALIVE_PENDING
+into the critical section -- unlike WRITE_PENDING, KEEPALIVE_PENDING
+could have been a non-atomic flag.
+
+Reported-by: syzbot+acdeb633f6211ccdf886@syzkaller.appspotmail.com
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Tested-by: Myungho Jung <mhjungk@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/ceph/messenger.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
+index 2f126eff275d..664f886f464d 100644
+--- a/net/ceph/messenger.c
++++ b/net/ceph/messenger.c
+@@ -3219,9 +3219,10 @@ void ceph_con_keepalive(struct ceph_connection *con)
+ dout("con_keepalive %p\n", con);
+ mutex_lock(&con->mutex);
+ clear_standby(con);
++ con_flag_set(con, CON_FLAG_KEEPALIVE_PENDING);
+ mutex_unlock(&con->mutex);
+- if (con_flag_test_and_set(con, CON_FLAG_KEEPALIVE_PENDING) == 0 &&
+- con_flag_test_and_set(con, CON_FLAG_WRITE_PENDING) == 0)
++
++ if (con_flag_test_and_set(con, CON_FLAG_WRITE_PENDING) == 0)
+ queue_con(con);
+ }
+ EXPORT_SYMBOL(ceph_con_keepalive);
+--
+2.20.1
+
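Review bot: The added `con_flag_set(con, CON_FLAG_KEEPALIVE_PENDING);` in the embedded net/ceph/messenger.c hunk carries no comment explaining why it must sit between `clear_standby(con)` and `mutex_unlock(&con->mutex)`, yet that placement is the entire fix. Going by the commit message, con_fault() decides whether to enter STANDBY by checking this flag while holding con->mutex; con_fault() itself is not visible in the hunk, so this is taken from the description rather than the code. A later cleanup that moves the flag back outside the lock would reintroduce the race without any compile-time signal, so I would add above the new line: `/* Must be set under con->mutex: con_fault() checks KEEPALIVE_PENDING under the mutex before moving to STANDBY. */`. The body of ceph_con_keepalive() starts outside the hunk, so any earlier statements in the function are not covered by this note.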
diff --git a/series.conf b/series.conf
index 7ace198f37..d1432e43fd 100644
--- a/series.conf
+++ b/series.conf
@@ -1129,6 +1129,7 @@
patches.kernel.org/4.20.9-044-xfrm-Make-set-mark-default-behavior-backward-c.patch
patches.kernel.org/4.20.9-045-drm-i915-Try-to-sanitize-bogus-DPLL-state-left.patch
patches.kernel.org/4.20.9-046-Revert-ext4-use-ext4_write_inode-when-fsyncing.patch
+ patches.kernel.org/4.20.9-047-libceph-avoid-KEEPALIVE_PENDING-races-in-ceph_.patch
########################################################
# Build fixes that apply to the vanilla kernel too.