From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: Trond Myklebust <trond.myklebust@primarydata.com>
Cc: linuxnfs <linux-nfs@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Question about nfs4_destroy_session()
Date: Wed, 12 Feb 2014 14:07:53 -0800 [thread overview]
Message-ID: <20140212220753.GG4250@linux.vnet.ibm.com> (raw)
In-Reply-To: <5BCC49E0-6F92-49EC-BFCD-17D5CA4D30C7@primarydata.com>
On Wed, Feb 12, 2014 at 04:55:02PM -0500, Trond Myklebust wrote:
>
> On Feb 12, 2014, at 16:42, Paul E. McKenney <paulmck@linux.vnet.ibm.com> wrote:
>
> > Hello, Trond,
> >
> > In nfs4_destroy_session(), there is an rcu_dereference() that looks to
> > leak the returned pointer out of an RCU read-side critical section.
> > If the pointed-to object might have just now been created, this is a
> > bug because xprt_destroy_backchannel() dereferences this pointer.
> >
> > So, does xprt_destroy_backchannel() exclude creation-side code? (If so,
> > no bug -- but a comment might be good.)
> >
> > Thanx, Paul
> >
> > void nfs4_destroy_session(struct nfs4_session *session)
> > {
> > struct rpc_xprt *xprt;
> > struct rpc_cred *cred;
> >
> > cred = nfs4_get_clid_cred(session->clp);
> > nfs4_proc_destroy_session(session, cred);
> > if (cred)
> > put_rpccred(cred);
> >
> > rcu_read_lock();
> > xprt = rcu_dereference(session->clp->cl_rpcclient->cl_xprt);
> > rcu_read_unlock();
> > dprintk("%s Destroy backchannel for xprt %p\n",
> > __func__, xprt);
> > xprt_destroy_backchannel(xprt, NFS41_BC_MIN_CALLBACKS);
> > nfs4_destroy_session_slot_tables(session);
> > kfree(session);
> > }
> >
>
> Hi Paul,
>
> nfs4_destroy_session() is only called when we’re tearing down the struct nfs_client that owns the cl_rppcclient, and the associated cl_xprt, so the code above should be safe, despite being ugly.
>
> Is there a better annotation for use in the above kind of situation?
One approach would be to add a comment on the rcu_dereference() stating
that creation-side code is excluded, e.g., via locking or by the data
structures no longer being accessible. Another approach would be to
move the rcu_read_unlock() to follow the xprt_destroy_backchannel(),
assuming none of the code that would be pulled into the RCU read-side
critical section can block.
The second approach would prevent false positives from the RCU pointer
leak detectors that are being worked on.
Thanx, Paul
prev parent reply other threads:[~2014-02-12 22:07 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-12 21:42 Question about nfs4_destroy_session() Paul E. McKenney
2014-02-12 21:55 ` Trond Myklebust
2014-02-12 22:07 ` Paul E. McKenney [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140212220753.GG4250@linux.vnet.ibm.com \
--to=paulmck@linux.vnet.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.