From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Ilya Dryomov <idryomov@gmail.com>,
Sasha Levin <sashal@kernel.org>,
ceph-devel@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.14 22/40] libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
Date: Thu, 14 Feb 2019 21:12:55 -0500 [thread overview]
Message-ID: <20190215021313.178476-22-sashal@kernel.org> (raw)
In-Reply-To: <20190215021313.178476-1-sashal@kernel.org>
From: Ilya Dryomov <idryomov@gmail.com>
[ Upstream commit 4aac9228d16458cedcfd90c7fb37211cf3653ac3 ]
con_fault() can transition the connection into STANDBY right after
ceph_con_keepalive() clears STANDBY in clear_standby():
libceph user thread ceph-msgr worker
ceph_con_keepalive()
mutex_lock(&con->mutex)
clear_standby(con)
mutex_unlock(&con->mutex)
mutex_lock(&con->mutex)
con_fault()
...
if KEEPALIVE_PENDING isn't set
set state to STANDBY
...
mutex_unlock(&con->mutex)
set KEEPALIVE_PENDING
set WRITE_PENDING
This triggers warnings in clear_standby() when either ceph_con_send()
or ceph_con_keepalive() get to clearing STANDBY next time.
I don't see a reason to condition queue_con() call on the previous
value of KEEPALIVE_PENDING, so move the setting of KEEPALIVE_PENDING
into the critical section -- unlike WRITE_PENDING, KEEPALIVE_PENDING
could have been a non-atomic flag.
Reported-by: syzbot+acdeb633f6211ccdf886@syzkaller.appspotmail.com
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Tested-by: Myungho Jung <mhjungk@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ceph/messenger.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index f864807284d4..5fd222dc64b3 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -3210,9 +3210,10 @@ void ceph_con_keepalive(struct ceph_connection *con)
dout("con_keepalive %p\n", con);
mutex_lock(&con->mutex);
clear_standby(con);
+ con_flag_set(con, CON_FLAG_KEEPALIVE_PENDING);
mutex_unlock(&con->mutex);
- if (con_flag_test_and_set(con, CON_FLAG_KEEPALIVE_PENDING) == 0 &&
- con_flag_test_and_set(con, CON_FLAG_WRITE_PENDING) == 0)
+
+ if (con_flag_test_and_set(con, CON_FLAG_WRITE_PENDING) == 0)
queue_con(con);
}
EXPORT_SYMBOL(ceph_con_keepalive);
--
2.19.1
next prev parent reply other threads:[~2019-02-15 2:12 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-15 2:12 [PATCH AUTOSEL 4.14 01/40] drm/msm: Unblock writer if reader closes file Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 02/40] ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 03/40] ALSA: compress: prevent potential divide by zero bugs Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 04/40] ASoC: Variable "val" in function rt274_i2c_probe() could be uninitialized Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 05/40] clk: vc5: Abort clock configuration without upstream clock Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 06/40] thermal: int340x_thermal: Fix a NULL vs IS_ERR() check Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 07/40] usb: dwc3: gadget: synchronize_irq dwc irq in suspend Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 08/40] usb: dwc3: gadget: Fix the uninitialized link_state when udc starts Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 09/40] usb: gadget: Potential NULL dereference on allocation error Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 10/40] genirq: Make sure the initial affinity is not empty Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 11/40] ASoC: dapm: change snprintf to scnprintf for possible overflow Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 12/40] ASoC: imx-audmux: " Sasha Levin
2019-02-15 2:12 ` Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 13/40] selftests: seccomp: use LDLIBS instead of LDFLAGS sashal
2019-02-15 2:12 ` Sasha Levin
2019-02-15 2:12 ` Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 14/40] selftests: gpio-mockup-chardev: Check asprintf() for error Sasha Levin
2019-02-15 2:12 ` Sasha Levin
2019-02-15 2:12 ` sashal
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 15/40] ARC: fix __ffs return value to avoid build warnings Sasha Levin
2019-02-15 2:12 ` Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 16/40] drivers: thermal: int340x_thermal: Fix sysfs race condition Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 17/40] staging: rtl8723bs: Fix build error with Clang when inlining is disabled Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 18/40] mac80211: fix miscounting of ttl-dropped frames Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 19/40] sched/wait: Fix rcuwait_wake_up() ordering Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 20/40] futex: Fix (possible) missed wakeup Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 21/40] locking/rwsem: " Sasha Levin
2019-02-15 2:12 ` Sasha Levin [this message]
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 23/40] drm/amd/powerplay: OD setting fix on Vega10 Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 24/40] serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 25/40] staging: android: ion: Support cpu access during dma_buf_detach Sasha Levin
2019-02-15 2:12 ` Sasha Levin
2019-02-15 2:12 ` [PATCH AUTOSEL 4.14 26/40] direct-io: allow direct writes to empty inodes Sasha Levin
2019-02-15 2:13 ` [PATCH AUTOSEL 4.14 27/40] writeback: synchronize sync(2) against cgroup writeback membership switches Sasha Levin
2019-02-15 2:13 ` [PATCH AUTOSEL 4.14 28/40] scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() Sasha Levin
2019-02-15 2:13 ` [PATCH AUTOSEL 4.14 29/40] net: altera_tse: fix connect_local_phy error path Sasha Levin
2019-02-15 2:13 ` [PATCH AUTOSEL 4.14 30/40] hv_netvsc: Fix ethtool change hash key error Sasha Levin
2019-02-15 2:13 ` [PATCH AUTOSEL 4.14 31/40] sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe Sasha Levin
2019-02-15 2:13 ` [PATCH AUTOSEL 4.14 32/40] ax25: fix possible use-after-free Sasha Levin
2019-02-15 2:13 ` [PATCH AUTOSEL 4.14 33/40] net: usb: asix: ax88772_bind return error when hw_reset fail Sasha Levin
2019-02-15 2:13 ` [PATCH AUTOSEL 4.14 34/40] net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP Sasha Levin
2019-02-15 2:13 ` [PATCH AUTOSEL 4.14 35/40] ibmveth: Do not process frames after calling napi_reschedule Sasha Levin
2019-02-15 2:13 ` Sasha Levin
2019-02-15 2:13 ` [PATCH AUTOSEL 4.14 36/40] mac80211: don't initiate TDLS connection if station is not associated to AP Sasha Levin
2019-02-15 2:13 ` [PATCH AUTOSEL 4.14 37/40] mac80211: Add attribute aligned(2) to struct 'action' Sasha Levin
2019-02-15 2:13 ` [PATCH AUTOSEL 4.14 38/40] cfg80211: extend range deviation for DMG Sasha Levin
2019-02-15 2:13 ` [PATCH AUTOSEL 4.14 39/40] svm: Fix AVIC incomplete IPI emulation Sasha Levin
2019-02-15 2:13 ` [PATCH AUTOSEL 4.14 40/40] KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190215021313.178476-22-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=ceph-devel@vger.kernel.org \
--cc=idryomov@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.