Re: [PATCH 1/2] sunrpc/cache: remove races with queuing an upcall.

Re: [PATCH 1/2] sunrpc/cache: remove races with queuing an upcall.

[NeilBrown]

[-- Attachment #1: Type: text/plain, Size: 4530 bytes --]

On 26 Feb 2013 15:02:01 +0100 Bodo Stroesser <bstroesser@ts.fujitsu.com>
wrote:

> On 26 Feb 2013 07:37:00 +0100 NeilBrown <neilb@suse.de> wrote:
> 
> > We currently queue an upcall after setting CACHE_PENDING, and dequeue after clearing CACHE_PENDING.
> > So a request should only be present when CACHE_PENDING is set.
> > 
> > However we don't combine the test and the enqueue/dequeue in a protected region, so it is possible (if unlikely) for a race to result in a request being queued without CACHE_PENDING set, or a request to be absent despite CACHE_PENDING.
> > 
> > So: include a test for CACHE_PENDING inside the regions of enqueue and dequeue where queue_lock is held, and abort the operation if the value is not as expected.
> > 
> > With this, it perfectly safe and correct to:
> >  - call cache_dequeue() if and only if we have just
> >    cleared CACHE_PENDING
> >  - call sunrpc_cache_pipe_upcall() (via cache_make_upcall)
> >    if and only if we have just set CACHE_PENDING.
> > 
> > Reported-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
> > Signed-off-by: NeilBrown <neilb@suse.de>
> 
> Sorry, I don't agree with this patch, as it fixes the first scenario of my mail
> from 24 Feb 2013, but AFAICS changes the second one (which has been a minor
> point that didn't need fixing necessarily) to a memory leak.
> 
> I'll try to expain my doubts:
> 
> Again, assume two threads calling cache_check() concurrently for the same cache
> entry of a cache that has a reader.
> Both threads get result -EAGAIN from cache_is_valid(). The second thread at that
> moment is interrupted and suspended for a while.
> The first thread sets CACHE_PENDING and queues an upcall request and sleeps
> waiting for the reply.
> The reader reads the request and replies accordingly. In sunrpc_cache_update()
> the reader changes the entry to CACHE_VALID and calls cache_fresh_unlocked().
> In cache_fresh_unlocked() it resets CACHE_PENDING. At this moment it is
> interrupted and suspended.
> Now the second thread wakes up, sets CACHE_PENDING again and queues a new upcall
> request.
> The reader wakes up and sees, that CACHE_PENDING is set again and does not
> dequeue the old request. --> memory leak (?)

Yes, I think you are right.

> 
> In my opinion, there are two possible fixes that could replace this patch:
> 
> 1) Don't call cache_dequeue() from cache_check(). Trying to dequeue something
>    even if we know, that we haven't queued, looks strange to me. (And yes, I
>    understand the reason, why you don't like it, but nevertheless I consider
>    this the best solution.)

The reason for calling cache_dequeue() is that someone else might have queued
something.  We are the last to leave so we turn out the lights - doesn't
matter that we didn't turn them on.

So I think the correct fix to the leak is to remove the "return" near the end
of cache_dequeue().
i.e. whoever clears CACHE_PENDING must remove all entries from the queue.  If
someone else sets CACHE_PENDING they might not succeed, but it doesn't matter
as then someone else will come along and remove all the entries.

>    This one would fix my first scenariop only, but not the second.
> 
> 2) I think, the starting point of all trouble is in cache_check().
>    Currently, if a thread has set CACHE_PENDING, is works using a 
>    possibly no longer valid state of the cache entry (rv).
>    AFAICS, it would fix most of the problems to re-check the
>    cache entry's state between setting CACHE_PENDING and the upcall.
>    The upcall should be done only, if still necessary.
>    This one could be combined with a new bit in the entry's state, that is
>    set if a valid entry is updated (that is: replaced). Checking this
>    bit also immediately before cache_make_upcall() is called would
>    also fix my second scenario fully in that it avoids unnecessary
>    upcalls.

Repeating the tests after setting CACHE_PENDING wouldn't hurt, but in almost
all cases it wouldn't help either.  The races that could result in a second
unnecessary up-call are extremely unlikely.  So I think the best approach is
not trying to avoid them, but making sure that they don't cause any harm.
This is best done with safe programming practices, like the "last one out
turns out the lights" pattern.  
The "return" which I suggest removing is really a premature optimisation
which should never have been included.  Without it we should be completely
safe.

??

NeilBrown


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 828 bytes --]

Re: [PATCH 1/2] sunrpc/cache: remove races with queuing an upcall.

[NeilBrown]

[-- Attachment #1: Type: text/plain, Size: 7241 bytes --]

On 05 Mar 2013 16:07:39 +0100 Bodo Stroesser <bstroesser@ts.fujitsu.com>
wrote:

> Hi,
> 
> the patch in my previous mail was a bit too optimized,
> in that it gets an cache_request* pointer from each entry
> on the detail->queue, even if it really is a cache_reader.
> 
> As the resulting pointer is used as a cache_request* after
> checking cache_queue->reader only, this isn't a bug, but
> it is unclean.
> 
> Thus I changed the patch below once again to keep the sane
> handling as it has been implemented.
> 
> Bodo
> 
> 
> On 04 Mar 2013 07:10:00 +0100 NeilBrown <neilb@suse.de> wrote:
> 
> > We currently queue an upcall after setting CACHE_PENDING,
> > and dequeue after clearing CACHE_PENDING.
> > So a request should only be present when CACHE_PENDING is set.
> > 
> > However we don't combine the test and the enqueue/dequeue in
> > a protected region, so it is possible (if unlikely) for a race
> > to result in a request being queued without CACHE_PENDING set,
> > or a request to be absent despite CACHE_PENDING.
> > 
> > So: include a test for CACHE_PENDING inside the regions of
> > enqueue and dequeue where queue_lock is held, and abort
> > the operation if the value is not as expected.
> > 
> > Also remove the 'return' from cache_dequeue() to ensure it always
> > removes all entries:  As there is no locking between setting
> > CACHE_PENDING and calling sunrpc_cache_pipe_upcall it is not
> > inconceivable for some other thread to clear CACHE_PENDING and then
> > someone else to set it can call sunrpc_cache_pipe_upcall, both before
> > the original thread completed the call.
> > 
> > With this, it perfectly safe and correct to:
> >  - call cache_dequeue() if and only if we have just
> >    cleared CACHE_PENDING
> >  - call sunrpc_cache_pipe_upcall() (via cache_make_upcall)
> >    if and only if we have just set CACHE_PENDING.
> > 
> > Reported-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
> > Signed-off-by: NeilBrown <neilb@suse.de>
> > ---
> >  net/sunrpc/cache.c |   17 ++++++++++++++---
> >  1 file changed, 14 insertions(+), 3 deletions(-)
> > 
> > diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c
> > index 9afa439..0400a92 100644
> > --- a/net/sunrpc/cache.c
> > +++ b/net/sunrpc/cache.c
> > @@ -1022,6 +1022,9 @@ static void cache_dequeue(struct cache_detail *detail, struct cache_head *ch)
> >  			struct cache_request *cr = container_of(cq, struct cache_request, q);
> >  			if (cr->item != ch)
> >  				continue;
> > +			if (test_bit(CACHE_PENDING, &ch->flags))
> > +				/* Lost a race and it is pending again */
> > +				break;
> >  			if (cr->readers != 0)
> >  				continue;
> >  			list_del(&cr->q.list);
> > @@ -1029,7 +1032,6 @@ static void cache_dequeue(struct cache_detail *detail, struct cache_head *ch)
> >  			cache_put(cr->item, detail);
> >  			kfree(cr->buf);
> >  			kfree(cr);
> > -			return;
> 
> Just removing "return" is not enough. If the loop no longer stops
> after dequeueing the first entry found, some other changes are
> necessary also:
> 
> 1) use list_for_each_entry_safe() instead of list_for_each_entry()
> 
> 2) don't call spin_unlock() in the loop.
> 
> Thus, at the end of this mail I added a revised patch. With this
> patch cache_dequeue() no longer frees the requests in the loop,
> but moves them to a temporary queue.
> After the loop it calls spin_unlock() and does the kfree() and
> cache_put() in a second loop.
> 
> The patch is not tested on a mainline kernel. Instead, I
> ported it to SLES11 SP1 2.6.32.59-0.7.1. On SLES 11 the test
> is still running fine.
> 
> Best Regards,
> Bodo
> 
> >  		}
> >  	spin_unlock(&queue_lock);
> >  }
> > @@ -1151,6 +1153,7 @@ int sunrpc_cache_pipe_upcall(struct cache_detail *detail, struct cache_head *h,
> >  	struct cache_request *crq;
> >  	char *bp;
> >  	int len;
> > +	int ret = 0;
> >  
> >  	if (!cache_listeners_exist(detail)) {
> >  		warn_no_listener(detail);
> > @@ -1182,10 +1185,18 @@ int sunrpc_cache_pipe_upcall(struct cache_detail *detail, struct cache_head *h,
> >  	crq->len = PAGE_SIZE - len;
> >  	crq->readers = 0;
> >  	spin_lock(&queue_lock);
> > -	list_add_tail(&crq->q.list, &detail->queue);
> > +	if (test_bit(CACHE_PENDING, &h->flags))
> > +		list_add_tail(&crq->q.list, &detail->queue);
> > +	else
> > +		/* Lost a race, no longer PENDING, so don't enqueue */
> > +		ret = -EAGAIN;
> >  	spin_unlock(&queue_lock);
> >  	wake_up(&queue_wait);
> > -	return 0;
> > +	if (ret == -EAGAIN) {
> > +		kfree(buf);
> > +		kfree(crq);
> > +	}
> > +	return ret;
> >  }
> >  EXPORT_SYMBOL_GPL(sunrpc_cache_pipe_upcall);
> >  
> > 
> 
> 
> .....
> 
> Reported-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
> Signed-off-by: NeilBrown <neilb@suse.de>
> Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
> ---
> 
> --- a/net/sunrpc/cache.c	2013-02-20 14:05:08.000000000 +0100
> +++ b/net/sunrpc/cache.c	2013-03-05 13:30:13.000000000 +0100
> @@ -1015,23 +1015,33 @@
>  
>  static void cache_dequeue(struct cache_detail *detail, struct cache_head *ch)
>  {
> -	struct cache_queue *cq;
> +	struct cache_queue *cq, *tmp;
> +	struct cache_request *cr;
> +	struct list_head dequeued;
> +
> +	INIT_LIST_HEAD(&dequeued);
>  	spin_lock(&queue_lock);
> -	list_for_each_entry(cq, &detail->queue, list)
> +	list_for_each_entry_safe(cq, tmp, &detail->queue, list)
>  		if (!cq->reader) {
> -			struct cache_request *cr = container_of(cq, struct cache_request, q);
> +			cr = container_of(cq, struct cache_request, q);
>  			if (cr->item != ch)
>  				continue;
> +			if (test_bit(CACHE_PENDING, &ch->flags))
> +				/* Lost a race and it is pending again */
> +				break;
>  			if (cr->readers != 0)
>  				continue;
> -			list_del(&cr->q.list);
> -			spin_unlock(&queue_lock);
> -			cache_put(cr->item, detail);
> -			kfree(cr->buf);
> -			kfree(cr);
> -			return;
> +			list_move(&cr->q.list, &dequeued);
>  		}
>  	spin_unlock(&queue_lock);
> +
> +	while (!list_empty(&dequeued)) {
> +		cr = list_entry(dequeued.next, struct cache_request, q.list);
> +		list_del(&cr->q.list);
> +		cache_put(cr->item, detail);
> +		kfree(cr->buf);
> +		kfree(cr);
> +	}
>  }
>  
>  /*
> @@ -1151,6 +1161,7 @@
>  	struct cache_request *crq;
>  	char *bp;
>  	int len;
> +	int ret = 0;
>  
>  	if (!cache_listeners_exist(detail)) {
>  		warn_no_listener(detail);
> @@ -1182,10 +1193,18 @@
>  	crq->len = PAGE_SIZE - len;
>  	crq->readers = 0;
>  	spin_lock(&queue_lock);
> -	list_add_tail(&crq->q.list, &detail->queue);
> +	if (test_bit(CACHE_PENDING, &h->flags))
> +		list_add_tail(&crq->q.list, &detail->queue);
> +	else
> +		/* Lost a race, no longer PENDING, so don't enqueue */
> +		ret = -EAGAIN;
>  	spin_unlock(&queue_lock);
>  	wake_up(&queue_wait);
> -	return 0;
> +	if (ret == -EAGAIN) {
> +		kfree(buf);
> +		kfree(crq);
> +	}
> +	return ret;
>  }
>  EXPORT_SYMBOL_GPL(sunrpc_cache_pipe_upcall);
>  


Thanks for this - that was careless of me.  sorry.

Your patch looks good.  I'll forward the two to Bruce again shortly, then
look at submitting a backport for SLES.

Thanks,
NeilBrown


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 828 bytes --]

Re: [PATCH 1/2] sunrpc/cache: remove races with queuing an upcall.

[Bodo Stroesser]

SGksCgp0aGUgcGF0Y2ggaW4gbXkgcHJldmlvdXMgbWFpbCB3YXMgYSBiaXQgdG9vIG9wdGlt
aXplZCwKaW4gdGhhdCBpdCBnZXRzIGFuIGNhY2hlX3JlcXVlc3QqIHBvaW50ZXIgZnJvbSBl
YWNoIGVudHJ5Cm9uIHRoZSBkZXRhaWwtPnF1ZXVlLCBldmVuIGlmIGl0IHJlYWxseSBpcyBh
IGNhY2hlX3JlYWRlci4KCkFzIHRoZSByZXN1bHRpbmcgcG9pbnRlciBpcyB1c2VkIGFzIGEg
Y2FjaGVfcmVxdWVzdCogYWZ0ZXIKY2hlY2tpbmcgY2FjaGVfcXVldWUtPnJlYWRlciBvbmx5
LCB0aGlzIGlzbid0IGEgYnVnLCBidXQKaXQgaXMgdW5jbGVhbi4KClRodXMgSSBjaGFuZ2Vk
IHRoZSBwYXRjaCBiZWxvdyBvbmNlIGFnYWluIHRvIGtlZXAgdGhlIHNhbmUKaGFuZGxpbmcg
YXMgaXQgaGFzIGJlZW4gaW1wbGVtZW50ZWQuCgpCb2RvCgoKT24gMDQgTWFyIDIwMTMgMDc6
MTA6MDAgKzAxMDAgTmVpbEJyb3duIDxuZWlsYkBzdXNlLmRlPiB3cm90ZToKCj4gV2UgY3Vy
cmVudGx5IHF1ZXVlIGFuIHVwY2FsbCBhZnRlciBzZXR0aW5nIENBQ0hFX1BFTkRJTkcsCj4g
YW5kIGRlcXVldWUgYWZ0ZXIgY2xlYXJpbmcgQ0FDSEVfUEVORElORy4KPiBTbyBhIHJlcXVl
c3Qgc2hvdWxkIG9ubHkgYmUgcHJlc2VudCB3aGVuIENBQ0hFX1BFTkRJTkcgaXMgc2V0Lgo+
IAo+IEhvd2V2ZXIgd2UgZG9uJ3QgY29tYmluZSB0aGUgdGVzdCBhbmQgdGhlIGVucXVldWUv
ZGVxdWV1ZSBpbgo+IGEgcHJvdGVjdGVkIHJlZ2lvbiwgc28gaXQgaXMgcG9zc2libGUgKGlm
IHVubGlrZWx5KSBmb3IgYSByYWNlCj4gdG8gcmVzdWx0IGluIGEgcmVxdWVzdCBiZWluZyBx
dWV1ZWQgd2l0aG91dCBDQUNIRV9QRU5ESU5HIHNldCwKPiBvciBhIHJlcXVlc3QgdG8gYmUg
YWJzZW50IGRlc3BpdGUgQ0FDSEVfUEVORElORy4KPiAKPiBTbzogaW5jbHVkZSBhIHRlc3Qg
Zm9yIENBQ0hFX1BFTkRJTkcgaW5zaWRlIHRoZSByZWdpb25zIG9mCj4gZW5xdWV1ZSBhbmQg
ZGVxdWV1ZSB3aGVyZSBxdWV1ZV9sb2NrIGlzIGhlbGQsIGFuZCBhYm9ydAo+IHRoZSBvcGVy
YXRpb24gaWYgdGhlIHZhbHVlIGlzIG5vdCBhcyBleHBlY3RlZC4KPiAKPiBBbHNvIHJlbW92
ZSB0aGUgJ3JldHVybicgZnJvbSBjYWNoZV9kZXF1ZXVlKCkgdG8gZW5zdXJlIGl0IGFsd2F5
cwo+IHJlbW92ZXMgYWxsIGVudHJpZXM6ICBBcyB0aGVyZSBpcyBubyBsb2NraW5nIGJldHdl
ZW4gc2V0dGluZwo+IENBQ0hFX1BFTkRJTkcgYW5kIGNhbGxpbmcgc3VucnBjX2NhY2hlX3Bp
cGVfdXBjYWxsIGl0IGlzIG5vdAo+IGluY29uY2VpdmFibGUgZm9yIHNvbWUgb3RoZXIgdGhy
ZWFkIHRvIGNsZWFyIENBQ0hFX1BFTkRJTkcgYW5kIHRoZW4KPiBzb21lb25lIGVsc2UgdG8g
c2V0IGl0IGNhbiBjYWxsIHN1bnJwY19jYWNoZV9waXBlX3VwY2FsbCwgYm90aCBiZWZvcmUK
PiB0aGUgb3JpZ2luYWwgdGhyZWFkIGNvbXBsZXRlZCB0aGUgY2FsbC4KPiAKPiBXaXRoIHRo
aXMsIGl0IHBlcmZlY3RseSBzYWZlIGFuZCBjb3JyZWN0IHRvOgo+ICAtIGNhbGwgY2FjaGVf
ZGVxdWV1ZSgpIGlmIGFuZCBvbmx5IGlmIHdlIGhhdmUganVzdAo+ICAgIGNsZWFyZWQgQ0FD
SEVfUEVORElORwo+ICAtIGNhbGwgc3VucnBjX2NhY2hlX3BpcGVfdXBjYWxsKCkgKHZpYSBj
YWNoZV9tYWtlX3VwY2FsbCkKPiAgICBpZiBhbmQgb25seSBpZiB3ZSBoYXZlIGp1c3Qgc2V0
IENBQ0hFX1BFTkRJTkcuCj4gCj4gUmVwb3J0ZWQtYnk6IEJvZG8gU3Ryb2Vzc2VyIDxic3Ry
b2Vzc2VyQHRzLmZ1aml0c3UuY29tPgo+IFNpZ25lZC1vZmYtYnk6IE5laWxCcm93biA8bmVp
bGJAc3VzZS5kZT4KPiAtLS0KPiAgbmV0L3N1bnJwYy9jYWNoZS5jIHwgICAxNyArKysrKysr
KysrKysrKy0tLQo+ICAxIGZpbGUgY2hhbmdlZCwgMTQgaW5zZXJ0aW9ucygrKSwgMyBkZWxl
dGlvbnMoLSkKPiAKPiBkaWZmIC0tZ2l0IGEvbmV0L3N1bnJwYy9jYWNoZS5jIGIvbmV0L3N1
bnJwYy9jYWNoZS5jCj4gaW5kZXggOWFmYTQzOS4uMDQwMGE5MiAxMDA2NDQKPiAtLS0gYS9u
ZXQvc3VucnBjL2NhY2hlLmMKPiArKysgYi9uZXQvc3VucnBjL2NhY2hlLmMKPiBAQCAtMTAy
Miw2ICsxMDIyLDkgQEAgc3RhdGljIHZvaWQgY2FjaGVfZGVxdWV1ZShzdHJ1Y3QgY2FjaGVf
ZGV0YWlsICpkZXRhaWwsIHN0cnVjdCBjYWNoZV9oZWFkICpjaCkKPiAgCQkJc3RydWN0IGNh
Y2hlX3JlcXVlc3QgKmNyID0gY29udGFpbmVyX29mKGNxLCBzdHJ1Y3QgY2FjaGVfcmVxdWVz
dCwgcSk7Cj4gIAkJCWlmIChjci0+aXRlbSAhPSBjaCkKPiAgCQkJCWNvbnRpbnVlOwo+ICsJ
CQlpZiAodGVzdF9iaXQoQ0FDSEVfUEVORElORywgJmNoLT5mbGFncykpCj4gKwkJCQkvKiBM
b3N0IGEgcmFjZSBhbmQgaXQgaXMgcGVuZGluZyBhZ2FpbiAqLwo+ICsJCQkJYnJlYWs7Cj4g
IAkJCWlmIChjci0+cmVhZGVycyAhPSAwKQo+ICAJCQkJY29udGludWU7Cj4gIAkJCWxpc3Rf
ZGVsKCZjci0+cS5saXN0KTsKPiBAQCAtMTAyOSw3ICsxMDMyLDYgQEAgc3RhdGljIHZvaWQg
Y2FjaGVfZGVxdWV1ZShzdHJ1Y3QgY2FjaGVfZGV0YWlsICpkZXRhaWwsIHN0cnVjdCBjYWNo
ZV9oZWFkICpjaCkKPiAgCQkJY2FjaGVfcHV0KGNyLT5pdGVtLCBkZXRhaWwpOwo+ICAJCQlr
ZnJlZShjci0+YnVmKTsKPiAgCQkJa2ZyZWUoY3IpOwo+IC0JCQlyZXR1cm47CgpKdXN0IHJl
bW92aW5nICJyZXR1cm4iIGlzIG5vdCBlbm91Z2guIElmIHRoZSBsb29wIG5vIGxvbmdlciBz
dG9wcwphZnRlciBkZXF1ZXVlaW5nIHRoZSBmaXJzdCBlbnRyeSBmb3VuZCwgc29tZSBvdGhl
ciBjaGFuZ2VzIGFyZQpuZWNlc3NhcnkgYWxzbzoKCjEpIHVzZSBsaXN0X2Zvcl9lYWNoX2Vu
dHJ5X3NhZmUoKSBpbnN0ZWFkIG9mIGxpc3RfZm9yX2VhY2hfZW50cnkoKQoKMikgZG9uJ3Qg
Y2FsbCBzcGluX3VubG9jaygpIGluIHRoZSBsb29wLgoKVGh1cywgYXQgdGhlIGVuZCBvZiB0
aGlzIG1haWwgSSBhZGRlZCBhIHJldmlzZWQgcGF0Y2guIFdpdGggdGhpcwpwYXRjaCBjYWNo
ZV9kZXF1ZXVlKCkgbm8gbG9uZ2VyIGZyZWVzIHRoZSByZXF1ZXN0cyBpbiB0aGUgbG9vcCwK
YnV0IG1vdmVzIHRoZW0gdG8gYSB0ZW1wb3JhcnkgcXVldWUuCkFmdGVyIHRoZSBsb29wIGl0
IGNhbGxzIHNwaW5fdW5sb2NrKCkgYW5kIGRvZXMgdGhlIGtmcmVlKCkgYW5kCmNhY2hlX3B1
dCgpIGluIGEgc2Vjb25kIGxvb3AuCgpUaGUgcGF0Y2ggaXMgbm90IHRlc3RlZCBvbiBhIG1h
aW5saW5lIGtlcm5lbC4gSW5zdGVhZCwgSQpwb3J0ZWQgaXQgdG8gU0xFUzExIFNQMSAyLjYu
MzIuNTktMC43LjEuIE9uIFNMRVMgMTEgdGhlIHRlc3QKaXMgc3RpbGwgcnVubmluZyBmaW5l
LgoKQmVzdCBSZWdhcmRzLApCb2RvCgo+ICAJCX0KPiAgCXNwaW5fdW5sb2NrKCZxdWV1ZV9s
b2NrKTsKPiAgfQo+IEBAIC0xMTUxLDYgKzExNTMsNyBAQCBpbnQgc3VucnBjX2NhY2hlX3Bp
cGVfdXBjYWxsKHN0cnVjdCBjYWNoZV9kZXRhaWwgKmRldGFpbCwgc3RydWN0IGNhY2hlX2hl
YWQgKmgsCj4gIAlzdHJ1Y3QgY2FjaGVfcmVxdWVzdCAqY3JxOwo+ICAJY2hhciAqYnA7Cj4g
IAlpbnQgbGVuOwo+ICsJaW50IHJldCA9IDA7Cj4gIAo+ICAJaWYgKCFjYWNoZV9saXN0ZW5l
cnNfZXhpc3QoZGV0YWlsKSkgewo+ICAJCXdhcm5fbm9fbGlzdGVuZXIoZGV0YWlsKTsKPiBA
QCAtMTE4MiwxMCArMTE4NSwxOCBAQCBpbnQgc3VucnBjX2NhY2hlX3BpcGVfdXBjYWxsKHN0
cnVjdCBjYWNoZV9kZXRhaWwgKmRldGFpbCwgc3RydWN0IGNhY2hlX2hlYWQgKmgsCj4gIAlj
cnEtPmxlbiA9IFBBR0VfU0laRSAtIGxlbjsKPiAgCWNycS0+cmVhZGVycyA9IDA7Cj4gIAlz
cGluX2xvY2soJnF1ZXVlX2xvY2spOwo+IC0JbGlzdF9hZGRfdGFpbCgmY3JxLT5xLmxpc3Qs
ICZkZXRhaWwtPnF1ZXVlKTsKPiArCWlmICh0ZXN0X2JpdChDQUNIRV9QRU5ESU5HLCAmaC0+
ZmxhZ3MpKQo+ICsJCWxpc3RfYWRkX3RhaWwoJmNycS0+cS5saXN0LCAmZGV0YWlsLT5xdWV1
ZSk7Cj4gKwllbHNlCj4gKwkJLyogTG9zdCBhIHJhY2UsIG5vIGxvbmdlciBQRU5ESU5HLCBz
byBkb24ndCBlbnF1ZXVlICovCj4gKwkJcmV0ID0gLUVBR0FJTjsKPiAgCXNwaW5fdW5sb2Nr
KCZxdWV1ZV9sb2NrKTsKPiAgCXdha2VfdXAoJnF1ZXVlX3dhaXQpOwo+IC0JcmV0dXJuIDA7
Cj4gKwlpZiAocmV0ID09IC1FQUdBSU4pIHsKPiArCQlrZnJlZShidWYpOwo+ICsJCWtmcmVl
KGNycSk7Cj4gKwl9Cj4gKwlyZXR1cm4gcmV0Owo+ICB9Cj4gIEVYUE9SVF9TWU1CT0xfR1BM
KHN1bnJwY19jYWNoZV9waXBlX3VwY2FsbCk7Cj4gIAo+IAoKCi4uLi4uCgpSZXBvcnRlZC1i
eTogQm9kbyBTdHJvZXNzZXIgPGJzdHJvZXNzZXJAdHMuZnVqaXRzdS5jb20+ClNpZ25lZC1v
ZmYtYnk6IE5laWxCcm93biA8bmVpbGJAc3VzZS5kZT4KU2lnbmVkLW9mZi1ieTogQm9kbyBT
dHJvZXNzZXIgPGJzdHJvZXNzZXJAdHMuZnVqaXRzdS5jb20+Ci0tLQoKLS0tIGEvbmV0L3N1
bnJwYy9jYWNoZS5jCTIwMTMtMDItMjAgMTQ6MDU6MDguMDAwMDAwMDAwICswMTAwCisrKyBi
L25ldC9zdW5ycGMvY2FjaGUuYwkyMDEzLTAzLTA1IDEzOjMwOjEzLjAwMDAwMDAwMCArMDEw
MApAQCAtMTAxNSwyMyArMTAxNSwzMyBAQAogCiBzdGF0aWMgdm9pZCBjYWNoZV9kZXF1ZXVl
KHN0cnVjdCBjYWNoZV9kZXRhaWwgKmRldGFpbCwgc3RydWN0IGNhY2hlX2hlYWQgKmNoKQog
ewotCXN0cnVjdCBjYWNoZV9xdWV1ZSAqY3E7CisJc3RydWN0IGNhY2hlX3F1ZXVlICpjcSwg
KnRtcDsKKwlzdHJ1Y3QgY2FjaGVfcmVxdWVzdCAqY3I7CisJc3RydWN0IGxpc3RfaGVhZCBk
ZXF1ZXVlZDsKKworCUlOSVRfTElTVF9IRUFEKCZkZXF1ZXVlZCk7CiAJc3Bpbl9sb2NrKCZx
dWV1ZV9sb2NrKTsKLQlsaXN0X2Zvcl9lYWNoX2VudHJ5KGNxLCAmZGV0YWlsLT5xdWV1ZSwg
bGlzdCkKKwlsaXN0X2Zvcl9lYWNoX2VudHJ5X3NhZmUoY3EsIHRtcCwgJmRldGFpbC0+cXVl
dWUsIGxpc3QpCiAJCWlmICghY3EtPnJlYWRlcikgewotCQkJc3RydWN0IGNhY2hlX3JlcXVl
c3QgKmNyID0gY29udGFpbmVyX29mKGNxLCBzdHJ1Y3QgY2FjaGVfcmVxdWVzdCwgcSk7CisJ
CQljciA9IGNvbnRhaW5lcl9vZihjcSwgc3RydWN0IGNhY2hlX3JlcXVlc3QsIHEpOwogCQkJ
aWYgKGNyLT5pdGVtICE9IGNoKQogCQkJCWNvbnRpbnVlOworCQkJaWYgKHRlc3RfYml0KENB
Q0hFX1BFTkRJTkcsICZjaC0+ZmxhZ3MpKQorCQkJCS8qIExvc3QgYSByYWNlIGFuZCBpdCBp
cyBwZW5kaW5nIGFnYWluICovCisJCQkJYnJlYWs7CiAJCQlpZiAoY3ItPnJlYWRlcnMgIT0g
MCkKIAkJCQljb250aW51ZTsKLQkJCWxpc3RfZGVsKCZjci0+cS5saXN0KTsKLQkJCXNwaW5f
dW5sb2NrKCZxdWV1ZV9sb2NrKTsKLQkJCWNhY2hlX3B1dChjci0+aXRlbSwgZGV0YWlsKTsK
LQkJCWtmcmVlKGNyLT5idWYpOwotCQkJa2ZyZWUoY3IpOwotCQkJcmV0dXJuOworCQkJbGlz
dF9tb3ZlKCZjci0+cS5saXN0LCAmZGVxdWV1ZWQpOwogCQl9CiAJc3Bpbl91bmxvY2soJnF1
ZXVlX2xvY2spOworCisJd2hpbGUgKCFsaXN0X2VtcHR5KCZkZXF1ZXVlZCkpIHsKKwkJY3Ig
PSBsaXN0X2VudHJ5KGRlcXVldWVkLm5leHQsIHN0cnVjdCBjYWNoZV9yZXF1ZXN0LCBxLmxp
c3QpOworCQlsaXN0X2RlbCgmY3ItPnEubGlzdCk7CisJCWNhY2hlX3B1dChjci0+aXRlbSwg
ZGV0YWlsKTsKKwkJa2ZyZWUoY3ItPmJ1Zik7CisJCWtmcmVlKGNyKTsKKwl9CiB9CiAKIC8q
CkBAIC0xMTUxLDYgKzExNjEsNyBAQAogCXN0cnVjdCBjYWNoZV9yZXF1ZXN0ICpjcnE7CiAJ
Y2hhciAqYnA7CiAJaW50IGxlbjsKKwlpbnQgcmV0ID0gMDsKIAogCWlmICghY2FjaGVfbGlz
dGVuZXJzX2V4aXN0KGRldGFpbCkpIHsKIAkJd2Fybl9ub19saXN0ZW5lcihkZXRhaWwpOwpA
QCAtMTE4MiwxMCArMTE5MywxOCBAQAogCWNycS0+bGVuID0gUEFHRV9TSVpFIC0gbGVuOwog
CWNycS0+cmVhZGVycyA9IDA7CiAJc3Bpbl9sb2NrKCZxdWV1ZV9sb2NrKTsKLQlsaXN0X2Fk
ZF90YWlsKCZjcnEtPnEubGlzdCwgJmRldGFpbC0+cXVldWUpOworCWlmICh0ZXN0X2JpdChD
QUNIRV9QRU5ESU5HLCAmaC0+ZmxhZ3MpKQorCQlsaXN0X2FkZF90YWlsKCZjcnEtPnEubGlz
dCwgJmRldGFpbC0+cXVldWUpOworCWVsc2UKKwkJLyogTG9zdCBhIHJhY2UsIG5vIGxvbmdl
ciBQRU5ESU5HLCBzbyBkb24ndCBlbnF1ZXVlICovCisJCXJldCA9IC1FQUdBSU47CiAJc3Bp
bl91bmxvY2soJnF1ZXVlX2xvY2spOwogCXdha2VfdXAoJnF1ZXVlX3dhaXQpOwotCXJldHVy
biAwOworCWlmIChyZXQgPT0gLUVBR0FJTikgeworCQlrZnJlZShidWYpOworCQlrZnJlZShj
cnEpOworCX0KKwlyZXR1cm4gcmV0OwogfQogRVhQT1JUX1NZTUJPTF9HUEwoc3VucnBjX2Nh
Y2hlX3BpcGVfdXBjYWxsKTsKIAo=

Re: [PATCH 1/2] sunrpc/cache: remove races with queuing an upcall.

[Bodo Stroesser]

T24gMDQgTWFyIDIwMTMgMDc6MTA6MDAgKzAxMDAgTmVpbEJyb3duIDxuZWlsYkBzdXNlLmRl
PiB3cm90ZToKCj4gV2UgY3VycmVudGx5IHF1ZXVlIGFuIHVwY2FsbCBhZnRlciBzZXR0aW5n
IENBQ0hFX1BFTkRJTkcsCj4gYW5kIGRlcXVldWUgYWZ0ZXIgY2xlYXJpbmcgQ0FDSEVfUEVO
RElORy4KPiBTbyBhIHJlcXVlc3Qgc2hvdWxkIG9ubHkgYmUgcHJlc2VudCB3aGVuIENBQ0hF
X1BFTkRJTkcgaXMgc2V0Lgo+IAo+IEhvd2V2ZXIgd2UgZG9uJ3QgY29tYmluZSB0aGUgdGVz
dCBhbmQgdGhlIGVucXVldWUvZGVxdWV1ZSBpbgo+IGEgcHJvdGVjdGVkIHJlZ2lvbiwgc28g
aXQgaXMgcG9zc2libGUgKGlmIHVubGlrZWx5KSBmb3IgYSByYWNlCj4gdG8gcmVzdWx0IGlu
IGEgcmVxdWVzdCBiZWluZyBxdWV1ZWQgd2l0aG91dCBDQUNIRV9QRU5ESU5HIHNldCwKPiBv
ciBhIHJlcXVlc3QgdG8gYmUgYWJzZW50IGRlc3BpdGUgQ0FDSEVfUEVORElORy4KPiAKPiBT
bzogaW5jbHVkZSBhIHRlc3QgZm9yIENBQ0hFX1BFTkRJTkcgaW5zaWRlIHRoZSByZWdpb25z
IG9mCj4gZW5xdWV1ZSBhbmQgZGVxdWV1ZSB3aGVyZSBxdWV1ZV9sb2NrIGlzIGhlbGQsIGFu
ZCBhYm9ydAo+IHRoZSBvcGVyYXRpb24gaWYgdGhlIHZhbHVlIGlzIG5vdCBhcyBleHBlY3Rl
ZC4KPiAKPiBBbHNvIHJlbW92ZSB0aGUgJ3JldHVybicgZnJvbSBjYWNoZV9kZXF1ZXVlKCkg
dG8gZW5zdXJlIGl0IGFsd2F5cwo+IHJlbW92ZXMgYWxsIGVudHJpZXM6ICBBcyB0aGVyZSBp
cyBubyBsb2NraW5nIGJldHdlZW4gc2V0dGluZwo+IENBQ0hFX1BFTkRJTkcgYW5kIGNhbGxp
bmcgc3VucnBjX2NhY2hlX3BpcGVfdXBjYWxsIGl0IGlzIG5vdAo+IGluY29uY2VpdmFibGUg
Zm9yIHNvbWUgb3RoZXIgdGhyZWFkIHRvIGNsZWFyIENBQ0hFX1BFTkRJTkcgYW5kIHRoZW4K
PiBzb21lb25lIGVsc2UgdG8gc2V0IGl0IGNhbiBjYWxsIHN1bnJwY19jYWNoZV9waXBlX3Vw
Y2FsbCwgYm90aCBiZWZvcmUKPiB0aGUgb3JpZ2luYWwgdGhyZWFkIGNvbXBsZXRlZCB0aGUg
Y2FsbC4KPiAKPiBXaXRoIHRoaXMsIGl0IHBlcmZlY3RseSBzYWZlIGFuZCBjb3JyZWN0IHRv
Ogo+ICAtIGNhbGwgY2FjaGVfZGVxdWV1ZSgpIGlmIGFuZCBvbmx5IGlmIHdlIGhhdmUganVz
dAo+ICAgIGNsZWFyZWQgQ0FDSEVfUEVORElORwo+ICAtIGNhbGwgc3VucnBjX2NhY2hlX3Bp
cGVfdXBjYWxsKCkgKHZpYSBjYWNoZV9tYWtlX3VwY2FsbCkKPiAgICBpZiBhbmQgb25seSBp
ZiB3ZSBoYXZlIGp1c3Qgc2V0IENBQ0hFX1BFTkRJTkcuCj4gCj4gUmVwb3J0ZWQtYnk6IEJv
ZG8gU3Ryb2Vzc2VyIDxic3Ryb2Vzc2VyQHRzLmZ1aml0c3UuY29tPgo+IFNpZ25lZC1vZmYt
Ynk6IE5laWxCcm93biA8bmVpbGJAc3VzZS5kZT4KPiAtLS0KPiAgbmV0L3N1bnJwYy9jYWNo
ZS5jIHwgICAxNyArKysrKysrKysrKysrKy0tLQo+ICAxIGZpbGUgY2hhbmdlZCwgMTQgaW5z
ZXJ0aW9ucygrKSwgMyBkZWxldGlvbnMoLSkKPiAKPiBkaWZmIC0tZ2l0IGEvbmV0L3N1bnJw
Yy9jYWNoZS5jIGIvbmV0L3N1bnJwYy9jYWNoZS5jCj4gaW5kZXggOWFmYTQzOS4uMDQwMGE5
MiAxMDA2NDQKPiAtLS0gYS9uZXQvc3VucnBjL2NhY2hlLmMKPiArKysgYi9uZXQvc3VucnBj
L2NhY2hlLmMKPiBAQCAtMTAyMiw2ICsxMDIyLDkgQEAgc3RhdGljIHZvaWQgY2FjaGVfZGVx
dWV1ZShzdHJ1Y3QgY2FjaGVfZGV0YWlsICpkZXRhaWwsIHN0cnVjdCBjYWNoZV9oZWFkICpj
aCkKPiAgCQkJc3RydWN0IGNhY2hlX3JlcXVlc3QgKmNyID0gY29udGFpbmVyX29mKGNxLCBz
dHJ1Y3QgY2FjaGVfcmVxdWVzdCwgcSk7Cj4gIAkJCWlmIChjci0+aXRlbSAhPSBjaCkKPiAg
CQkJCWNvbnRpbnVlOwo+ICsJCQlpZiAodGVzdF9iaXQoQ0FDSEVfUEVORElORywgJmNoLT5m
bGFncykpCj4gKwkJCQkvKiBMb3N0IGEgcmFjZSBhbmQgaXQgaXMgcGVuZGluZyBhZ2FpbiAq
Lwo+ICsJCQkJYnJlYWs7Cj4gIAkJCWlmIChjci0+cmVhZGVycyAhPSAwKQo+ICAJCQkJY29u
dGludWU7Cj4gIAkJCWxpc3RfZGVsKCZjci0+cS5saXN0KTsKPiBAQCAtMTAyOSw3ICsxMDMy
LDYgQEAgc3RhdGljIHZvaWQgY2FjaGVfZGVxdWV1ZShzdHJ1Y3QgY2FjaGVfZGV0YWlsICpk
ZXRhaWwsIHN0cnVjdCBjYWNoZV9oZWFkICpjaCkKPiAgCQkJY2FjaGVfcHV0KGNyLT5pdGVt
LCBkZXRhaWwpOwo+ICAJCQlrZnJlZShjci0+YnVmKTsKPiAgCQkJa2ZyZWUoY3IpOwo+IC0J
CQlyZXR1cm47CgpKdXN0IHJlbW92aW5nICJyZXR1cm4iIGlzIG5vdCBlbm91Z2guIElmIHRo
ZSBsb29wIG5vIGxvbmdlciBzdG9wcwphZnRlciBkZXF1ZXVlaW5nIHRoZSBmaXJzdCBlbnRy
eSBmb3VuZCwgc29tZSBvdGhlciBjaGFuZ2VzIGFyZQpuZWNlc3NhcnkgYWxzbzoKCjEpIHVz
ZSBsaXN0X2Zvcl9lYWNoX2VudHJ5X3NhZmUoKSBpbnN0ZWFkIG9mIGxpc3RfZm9yX2VhY2hf
ZW50cnkoKQoKMikgZG9uJ3QgY2FsbCBzcGluX3VubG9jaygpIGluIHRoZSBsb29wLgoKVGh1
cywgYXQgdGhlIGVuZCBvZiB0aGlzIG1haWwgSSBhZGRlZCBhIHJldmlzZWQgcGF0Y2guIFdp
dGggdGhpcwpwYXRjaCBjYWNoZV9kZXF1ZXVlKCkgbm8gbG9uZ2VyIGZyZWVzIHRoZSByZXF1
ZXN0cyBpbiB0aGUgbG9vcCwKYnV0IG1vdmVzIHRoZW0gdG8gYSB0ZW1wb3JhcnkgcXVldWUu
CkFmdGVyIHRoZSBsb29wIGl0IGNhbGxzIHNwaW5fdW5sb2NrKCkgYW5kIGRvZXMgdGhlIGtm
cmVlKCkgYW5kCmNhY2hlX3B1dCgpIGluIGEgc2Vjb25kIGxvb3AuCgpUaGUgcGF0Y2ggaXMg
bm90IHRlc3RlZCBvbiBhIG1haW5saW5lIGtlcm5lbC4gSW5zdGVhZCwgSQpwb3J0ZWQgaXQg
dG8gU0xFUzExIFNQMSAyLjYuMzIuNTktMC43LjEuIE9uIFNMRVMgMTEgdGhlIHRlc3QKaXMg
c3RpbGwgcnVubmluZyBmaW5lLgoKQmVzdCBSZWdhcmRzLApCb2RvCgo+ICAJCX0KPiAgCXNw
aW5fdW5sb2NrKCZxdWV1ZV9sb2NrKTsKPiAgfQo+IEBAIC0xMTUxLDYgKzExNTMsNyBAQCBp
bnQgc3VucnBjX2NhY2hlX3BpcGVfdXBjYWxsKHN0cnVjdCBjYWNoZV9kZXRhaWwgKmRldGFp
bCwgc3RydWN0IGNhY2hlX2hlYWQgKmgsCj4gIAlzdHJ1Y3QgY2FjaGVfcmVxdWVzdCAqY3Jx
Owo+ICAJY2hhciAqYnA7Cj4gIAlpbnQgbGVuOwo+ICsJaW50IHJldCA9IDA7Cj4gIAo+ICAJ
aWYgKCFjYWNoZV9saXN0ZW5lcnNfZXhpc3QoZGV0YWlsKSkgewo+ICAJCXdhcm5fbm9fbGlz
dGVuZXIoZGV0YWlsKTsKPiBAQCAtMTE4MiwxMCArMTE4NSwxOCBAQCBpbnQgc3VucnBjX2Nh
Y2hlX3BpcGVfdXBjYWxsKHN0cnVjdCBjYWNoZV9kZXRhaWwgKmRldGFpbCwgc3RydWN0IGNh
Y2hlX2hlYWQgKmgsCj4gIAljcnEtPmxlbiA9IFBBR0VfU0laRSAtIGxlbjsKPiAgCWNycS0+
cmVhZGVycyA9IDA7Cj4gIAlzcGluX2xvY2soJnF1ZXVlX2xvY2spOwo+IC0JbGlzdF9hZGRf
dGFpbCgmY3JxLT5xLmxpc3QsICZkZXRhaWwtPnF1ZXVlKTsKPiArCWlmICh0ZXN0X2JpdChD
QUNIRV9QRU5ESU5HLCAmaC0+ZmxhZ3MpKQo+ICsJCWxpc3RfYWRkX3RhaWwoJmNycS0+cS5s
aXN0LCAmZGV0YWlsLT5xdWV1ZSk7Cj4gKwllbHNlCj4gKwkJLyogTG9zdCBhIHJhY2UsIG5v
IGxvbmdlciBQRU5ESU5HLCBzbyBkb24ndCBlbnF1ZXVlICovCj4gKwkJcmV0ID0gLUVBR0FJ
TjsKPiAgCXNwaW5fdW5sb2NrKCZxdWV1ZV9sb2NrKTsKPiAgCXdha2VfdXAoJnF1ZXVlX3dh
aXQpOwo+IC0JcmV0dXJuIDA7Cj4gKwlpZiAocmV0ID09IC1FQUdBSU4pIHsKPiArCQlrZnJl
ZShidWYpOwo+ICsJCWtmcmVlKGNycSk7Cj4gKwl9Cj4gKwlyZXR1cm4gcmV0Owo+ICB9Cj4g
IEVYUE9SVF9TWU1CT0xfR1BMKHN1bnJwY19jYWNoZV9waXBlX3VwY2FsbCk7Cj4gIAo+IAoK
Ci4uLi4uCgpSZXBvcnRlZC1ieTogQm9kbyBTdHJvZXNzZXIgPGJzdHJvZXNzZXJAdHMuZnVq
aXRzdS5jb20+ClNpZ25lZC1vZmYtYnk6IE5laWxCcm93biA8bmVpbGJAc3VzZS5kZT4KU2ln
bmVkLW9mZi1ieTogQm9kbyBTdHJvZXNzZXIgPGJzdHJvZXNzZXJAdHMuZnVqaXRzdS5jb20+
Ci0tLQoKLS0tIGEvbmV0L3N1bnJwYy9jYWNoZS5jCTIwMTMtMDItMjAgMTQ6MDU6MDguMDAw
MDAwMDAwICswMTAwCisrKyBiL25ldC9zdW5ycGMvY2FjaGUuYwkyMDEzLTAzLTA1IDEzOjMw
OjEzLjAwMDAwMDAwMCArMDEwMApAQCAtMTAxNSwyMyArMTAxNSwzMSBAQAogCiBzdGF0aWMg
dm9pZCBjYWNoZV9kZXF1ZXVlKHN0cnVjdCBjYWNoZV9kZXRhaWwgKmRldGFpbCwgc3RydWN0
IGNhY2hlX2hlYWQgKmNoKQogewotCXN0cnVjdCBjYWNoZV9xdWV1ZSAqY3E7CisJc3RydWN0
IGNhY2hlX3JlcXVlc3QgKmNyLCAqdG1wOworCXN0cnVjdCBsaXN0X2hlYWQgZGVxdWV1ZWQ7
CisKKwlJTklUX0xJU1RfSEVBRCgmZGVxdWV1ZWQpOwogCXNwaW5fbG9jaygmcXVldWVfbG9j
ayk7Ci0JbGlzdF9mb3JfZWFjaF9lbnRyeShjcSwgJmRldGFpbC0+cXVldWUsIGxpc3QpCi0J
CWlmICghY3EtPnJlYWRlcikgewotCQkJc3RydWN0IGNhY2hlX3JlcXVlc3QgKmNyID0gY29u
dGFpbmVyX29mKGNxLCBzdHJ1Y3QgY2FjaGVfcmVxdWVzdCwgcSk7CisJbGlzdF9mb3JfZWFj
aF9lbnRyeV9zYWZlKGNyLCB0bXAsICZkZXRhaWwtPnF1ZXVlLCBxLmxpc3QpCisJCWlmICgh
Y3ItPnEucmVhZGVyKSB7CiAJCQlpZiAoY3ItPml0ZW0gIT0gY2gpCiAJCQkJY29udGludWU7
CisJCQlpZiAodGVzdF9iaXQoQ0FDSEVfUEVORElORywgJmNoLT5mbGFncykpCisJCQkJLyog
TG9zdCBhIHJhY2UgYW5kIGl0IGlzIHBlbmRpbmcgYWdhaW4gKi8KKwkJCQlicmVhazsKIAkJ
CWlmIChjci0+cmVhZGVycyAhPSAwKQogCQkJCWNvbnRpbnVlOwotCQkJbGlzdF9kZWwoJmNy
LT5xLmxpc3QpOwotCQkJc3Bpbl91bmxvY2soJnF1ZXVlX2xvY2spOwotCQkJY2FjaGVfcHV0
KGNyLT5pdGVtLCBkZXRhaWwpOwotCQkJa2ZyZWUoY3ItPmJ1Zik7Ci0JCQlrZnJlZShjcik7
Ci0JCQlyZXR1cm47CisJCQlsaXN0X21vdmUoJmNyLT5xLmxpc3QsICZkZXF1ZXVlZCk7CiAJ
CX0KIAlzcGluX3VubG9jaygmcXVldWVfbG9jayk7CisKKwl3aGlsZSAoIWxpc3RfZW1wdHko
JmRlcXVldWVkKSkgeworCQljciA9IGxpc3RfZW50cnkoZGVxdWV1ZWQubmV4dCwgc3RydWN0
IGNhY2hlX3JlcXVlc3QsIHEubGlzdCk7CisJCWxpc3RfZGVsKCZjci0+cS5saXN0KTsKKwkJ
Y2FjaGVfcHV0KGNyLT5pdGVtLCBkZXRhaWwpOworCQlrZnJlZShjci0+YnVmKTsKKwkJa2Zy
ZWUoY3IpOworCX0KIH0KIAogLyoKQEAgLTExNTEsNiArMTE1OSw3IEBACiAJc3RydWN0IGNh
Y2hlX3JlcXVlc3QgKmNycTsKIAljaGFyICpicDsKIAlpbnQgbGVuOworCWludCByZXQgPSAw
OwogCiAJaWYgKCFjYWNoZV9saXN0ZW5lcnNfZXhpc3QoZGV0YWlsKSkgewogCQl3YXJuX25v
X2xpc3RlbmVyKGRldGFpbCk7CkBAIC0xMTgyLDEwICsxMTkxLDE4IEBACiAJY3JxLT5sZW4g
PSBQQUdFX1NJWkUgLSBsZW47CiAJY3JxLT5yZWFkZXJzID0gMDsKIAlzcGluX2xvY2soJnF1
ZXVlX2xvY2spOwotCWxpc3RfYWRkX3RhaWwoJmNycS0+cS5saXN0LCAmZGV0YWlsLT5xdWV1
ZSk7CisJaWYgKHRlc3RfYml0KENBQ0hFX1BFTkRJTkcsICZoLT5mbGFncykpCisJCWxpc3Rf
YWRkX3RhaWwoJmNycS0+cS5saXN0LCAmZGV0YWlsLT5xdWV1ZSk7CisJZWxzZQorCQkvKiBM
b3N0IGEgcmFjZSwgbm8gbG9uZ2VyIFBFTkRJTkcsIHNvIGRvbid0IGVucXVldWUgKi8KKwkJ
cmV0ID0gLUVBR0FJTjsKIAlzcGluX3VubG9jaygmcXVldWVfbG9jayk7CiAJd2FrZV91cCgm
cXVldWVfd2FpdCk7Ci0JcmV0dXJuIDA7CisJaWYgKHJldCA9PSAtRUFHQUlOKSB7CisJCWtm
cmVlKGJ1Zik7CisJCWtmcmVlKGNycSk7CisJfQorCXJldHVybiByZXQ7CiB9CiBFWFBPUlRf
U1lNQk9MX0dQTChzdW5ycGNfY2FjaGVfcGlwZV91cGNhbGwpOwogCg==

Re: [PATCH 1/2] sunrpc/cache: remove races with queuing an upcall.

[Bodo Stroesser]

SGksCgpzb3JyeSBmb3IgbXkgbGF0ZSByZXBseS4gSSB3YXMgcXVpdGUgYnVzeSBhbmQgbmVl
ZGVkIHNvbWUgdGltZQp0byB0aGluayBhYm91dCB0aGF0IGNvbXBsaWNhdGVkIHN0dWZmIGJl
Zm9yZSB3cml0aW5nIGFuIGFuc3dlci4KCgpPbiAyOCBGZWIgMjAxMyAwMDoyNDowMCArMDEw
MCBOZWlsQnJvd24gPG5laWxiQHN1c2UuZGU+IHdyb3RlOgoKPiBPbiAyNiBGZWIgMjAxMyAx
NTowMjowMSArMDEwMCBCb2RvIFN0cm9lc3NlciA8YnN0cm9lc3NlckB0cy5mdWppdHN1LmNv
bT4KPiB3cm90ZToKPiAKPiA+IE9uIDI2IEZlYiAyMDEzIDA3OjM3OjAwICswMTAwIE5laWxC
cm93biA8bmVpbGJAc3VzZS5kZT4gd3JvdGU6Cj4gPiAKPiA+ID4gV2UgY3VycmVudGx5IHF1
ZXVlIGFuIHVwY2FsbCBhZnRlciBzZXR0aW5nIENBQ0hFX1BFTkRJTkcsIGFuZCBkZXF1ZXVl
IGFmdGVyIGNsZWFyaW5nIENBQ0hFX1BFTkRJTkcuCj4gPiA+IFNvIGEgcmVxdWVzdCBzaG91
bGQgb25seSBiZSBwcmVzZW50IHdoZW4gQ0FDSEVfUEVORElORyBpcyBzZXQuCj4gPiA+IAo+
ID4gPiBIb3dldmVyIHdlIGRvbid0IGNvbWJpbmUgdGhlIHRlc3QgYW5kIHRoZSBlbnF1ZXVl
L2RlcXVldWUgaW4gYSBwcm90ZWN0ZWQgcmVnaW9uLCBzbyBpdCBpcyBwb3NzaWJsZSAoaWYg
dW5saWtlbHkpIGZvciBhIHJhY2UgdG8gcmVzdWx0IGluIGEgcmVxdWVzdCBiZWluZyBxdWV1
ZWQgd2l0aG91dCBDQUNIRV9QRU5ESU5HIHNldCwgb3IgYSByZXF1ZXN0IHRvIGJlIGFic2Vu
dCBkZXNwaXRlIENBQ0hFX1BFTkRJTkcuCj4gPiA+IAo+ID4gPiBTbzogaW5jbHVkZSBhIHRl
c3QgZm9yIENBQ0hFX1BFTkRJTkcgaW5zaWRlIHRoZSByZWdpb25zIG9mIGVucXVldWUgYW5k
IGRlcXVldWUgd2hlcmUgcXVldWVfbG9jayBpcyBoZWxkLCBhbmQgYWJvcnQgdGhlIG9wZXJh
dGlvbiBpZiB0aGUgdmFsdWUgaXMgbm90IGFzIGV4cGVjdGVkLgo+ID4gPiAKPiA+ID4gV2l0
aCB0aGlzLCBpdCBwZXJmZWN0bHkgc2FmZSBhbmQgY29ycmVjdCB0bzoKPiA+ID4gIC0gY2Fs
bCBjYWNoZV9kZXF1ZXVlKCkgaWYgYW5kIG9ubHkgaWYgd2UgaGF2ZSBqdXN0Cj4gPiA+ICAg
IGNsZWFyZWQgQ0FDSEVfUEVORElORwo+ID4gPiAgLSBjYWxsIHN1bnJwY19jYWNoZV9waXBl
X3VwY2FsbCgpICh2aWEgY2FjaGVfbWFrZV91cGNhbGwpCj4gPiA+ICAgIGlmIGFuZCBvbmx5
IGlmIHdlIGhhdmUganVzdCBzZXQgQ0FDSEVfUEVORElORy4KPiA+ID4gCj4gPiA+IFJlcG9y
dGVkLWJ5OiBCb2RvIFN0cm9lc3NlciA8YnN0cm9lc3NlckB0cy5mdWppdHN1LmNvbT4KPiA+
ID4gU2lnbmVkLW9mZi1ieTogTmVpbEJyb3duIDxuZWlsYkBzdXNlLmRlPgo+ID4gCj4gPiBT
b3JyeSwgSSBkb24ndCBhZ3JlZSB3aXRoIHRoaXMgcGF0Y2gsIGFzIGl0IGZpeGVzIHRoZSBm
aXJzdCBzY2VuYXJpbyBvZiBteSBtYWlsCj4gPiBmcm9tIDI0IEZlYiAyMDEzLCBidXQgQUZB
SUNTIGNoYW5nZXMgdGhlIHNlY29uZCBvbmUgKHdoaWNoIGhhcyBiZWVuIGEgbWlub3IKPiA+
IHBvaW50IHRoYXQgZGlkbid0IG5lZWQgZml4aW5nIG5lY2Vzc2FyaWx5KSB0byBhIG1lbW9y
eSBsZWFrLgo+ID4gCj4gPiBJJ2xsIHRyeSB0byBleHBhaW4gbXkgZG91YnRzOgo+ID4gCj4g
PiBBZ2FpbiwgYXNzdW1lIHR3byB0aHJlYWRzIGNhbGxpbmcgY2FjaGVfY2hlY2soKSBjb25j
dXJyZW50bHkgZm9yIHRoZSBzYW1lIGNhY2hlCj4gPiBlbnRyeSBvZiBhIGNhY2hlIHRoYXQg
aGFzIGEgcmVhZGVyLgo+ID4gQm90aCB0aHJlYWRzIGdldCByZXN1bHQgLUVBR0FJTiBmcm9t
IGNhY2hlX2lzX3ZhbGlkKCkuIFRoZSBzZWNvbmQgdGhyZWFkIGF0IHRoYXQKPiA+IG1vbWVu
dCBpcyBpbnRlcnJ1cHRlZCBhbmQgc3VzcGVuZGVkIGZvciBhIHdoaWxlLgo+ID4gVGhlIGZp
cnN0IHRocmVhZCBzZXRzIENBQ0hFX1BFTkRJTkcgYW5kIHF1ZXVlcyBhbiB1cGNhbGwgcmVx
dWVzdCBhbmQgc2xlZXBzCj4gPiB3YWl0aW5nIGZvciB0aGUgcmVwbHkuCj4gPiBUaGUgcmVh
ZGVyIHJlYWRzIHRoZSByZXF1ZXN0IGFuZCByZXBsaWVzIGFjY29yZGluZ2x5LiBJbiBzdW5y
cGNfY2FjaGVfdXBkYXRlKCkKPiA+IHRoZSByZWFkZXIgY2hhbmdlcyB0aGUgZW50cnkgdG8g
Q0FDSEVfVkFMSUQgYW5kIGNhbGxzIGNhY2hlX2ZyZXNoX3VubG9ja2VkKCkuCj4gPiBJbiBj
YWNoZV9mcmVzaF91bmxvY2tlZCgpIGl0IHJlc2V0cyBDQUNIRV9QRU5ESU5HLiBBdCB0aGlz
IG1vbWVudCBpdCBpcwo+ID4gaW50ZXJydXB0ZWQgYW5kIHN1c3BlbmRlZC4KPiA+IE5vdyB0
aGUgc2Vjb25kIHRocmVhZCB3YWtlcyB1cCwgc2V0cyBDQUNIRV9QRU5ESU5HIGFnYWluIGFu
ZCBxdWV1ZXMgYSBuZXcgdXBjYWxsCj4gPiByZXF1ZXN0Lgo+ID4gVGhlIHJlYWRlciB3YWtl
cyB1cCBhbmQgc2VlcywgdGhhdCBDQUNIRV9QRU5ESU5HIGlzIHNldCBhZ2FpbiBhbmQgZG9l
cyBub3QKPiA+IGRlcXVldWUgdGhlIG9sZCByZXF1ZXN0LiAtLT4gbWVtb3J5IGxlYWsgKD8p
Cj4gCj4gWWVzLCBJIHRoaW5rIHlvdSBhcmUgcmlnaHQuCj4gCj4gPiAKPiA+IEluIG15IG9w
aW5pb24sIHRoZXJlIGFyZSB0d28gcG9zc2libGUgZml4ZXMgdGhhdCBjb3VsZCByZXBsYWNl
IHRoaXMgcGF0Y2g6Cj4gPiAKPiA+IDEpIERvbid0IGNhbGwgY2FjaGVfZGVxdWV1ZSgpIGZy
b20gY2FjaGVfY2hlY2soKS4gVHJ5aW5nIHRvIGRlcXVldWUgc29tZXRoaW5nCj4gPiAgICBl
dmVuIGlmIHdlIGtub3csIHRoYXQgd2UgaGF2ZW4ndCBxdWV1ZWQsIGxvb2tzIHN0cmFuZ2Ug
dG8gbWUuIChBbmQgeWVzLCBJCj4gPiAgICB1bmRlcnN0YW5kIHRoZSByZWFzb24sIHdoeSB5
b3UgZG9uJ3QgbGlrZSBpdCwgYnV0IG5ldmVydGhlbGVzcyBJIGNvbnNpZGVyCj4gPiAgICB0
aGlzIHRoZSBiZXN0IHNvbHV0aW9uLikKPiAKPiBUaGUgcmVhc29uIGZvciBjYWxsaW5nIGNh
Y2hlX2RlcXVldWUoKSBpcyB0aGF0IHNvbWVvbmUgZWxzZSBtaWdodCBoYXZlIHF1ZXVlZAo+
IHNvbWV0aGluZy4gIFdlIGFyZSB0aGUgbGFzdCB0byBsZWF2ZSBzbyB3ZSB0dXJuIG91dCB0
aGUgbGlnaHRzIC0gZG9lc24ndAo+IG1hdHRlciB0aGF0IHdlIGRpZG4ndCB0dXJuIHRoZW0g
b24uCj4gCj4gU28gSSB0aGluayB0aGUgY29ycmVjdCBmaXggdG8gdGhlIGxlYWsgaXMgdG8g
cmVtb3ZlIHRoZSAicmV0dXJuIiBuZWFyIHRoZSBlbmQKPiBvZiBjYWNoZV9kZXF1ZXVlKCku
Cj4gaS5lLiB3aG9ldmVyIGNsZWFycyBDQUNIRV9QRU5ESU5HIG11c3QgcmVtb3ZlIGFsbCBl
bnRyaWVzIGZyb20gdGhlIHF1ZXVlLiAgSWYKPiBzb21lb25lIGVsc2Ugc2V0cyBDQUNIRV9Q
RU5ESU5HIHRoZXkgbWlnaHQgbm90IHN1Y2NlZWQsIGJ1dCBpdCBkb2Vzbid0IG1hdHRlcgo+
IGFzIHRoZW4gc29tZW9uZSBlbHNlIHdpbGwgY29tZSBhbG9uZyBhbmQgcmVtb3ZlIGFsbCB0
aGUgZW50cmllcy4KCkkgdGhpbmssIHRoZXJlIGFyZSB0d28gcG9zc2libGUgbWV0aG9kcy4g
VGhlIGZpcnN0IC0gd2hpY2ggSSB0aGluayB3YXMgdGhlCm1ldGhvZCBjaG9zZW4gd2hlbiB0
aGUgY29kZSB3YXMgZGV2ZWxvcGVkIGluIHRoZSBwYXN0IC0gaXMgdG8gaGF2ZSBhIHN0cmlj
dApoYW5kc2hha2Ugb2YgZW5xdWV1ZWluZyBhIHJlcXVlc3QgYW5kIGRlcXVldWVpbmcgaXQg
bGF0ZXIuIEJ1dCBhcyB3ZSBrbm93LCBpdAp3YXNuJ3QgaW1wbGVtZW50ZWQgY29ycmVjdGx5
LiAoTXkgcGF0Y2hlcyB3ZXJlIHdyaXR0ZW4gdG8gZml4IHRoaXMuKQpUaGUgc2Vjb25kIG1l
dGhvZCBpcyB3aGF0IHlvdSBhcmUgcHJlZmVycmluZzogbWFrZSBzdXJlIHRoYXQgdGhlIGxh
c3Qgb25lCmNsZWFyaW5nIENBQ0hFX1BFTkRJTkcgZGVxdWV1ZXMgZXZlcnl0aGluZy4gU28g
eW91ciBwYXRjaGVzIGFyZSBzb21lIGtpbmQgb2YKYSByZWRlc2lnbiwgSSB0aGluay4gV2l0
aG91dCB0aGUgInJldHVybiIgaW4gY2FjaGVfZGVxdWV1ZSgpLCBBRkFJQ1MgeW91cgpwYXRj
aGVzIHNob3VsZCBiZSBmaW5lLgoKPiAKPiA+ICAgIFRoaXMgb25lIHdvdWxkIGZpeCBteSBm
aXJzdCBzY2VuYXJpb3Agb25seSwgYnV0IG5vdCB0aGUgc2Vjb25kLgo+ID4gCj4gPiAyKSBJ
IHRoaW5rLCB0aGUgc3RhcnRpbmcgcG9pbnQgb2YgYWxsIHRyb3VibGUgaXMgaW4gY2FjaGVf
Y2hlY2soKS4KPiA+ICAgIEN1cnJlbnRseSwgaWYgYSB0aHJlYWQgaGFzIHNldCBDQUNIRV9Q
RU5ESU5HLCBpcyB3b3JrcyB1c2luZyBhIAo+ID4gICAgcG9zc2libHkgbm8gbG9uZ2VyIHZh
bGlkIHN0YXRlIG9mIHRoZSBjYWNoZSBlbnRyeSAocnYpLgo+ID4gICAgQUZBSUNTLCBpdCB3
b3VsZCBmaXggbW9zdCBvZiB0aGUgcHJvYmxlbXMgdG8gcmUtY2hlY2sgdGhlCj4gPiAgICBj
YWNoZSBlbnRyeSdzIHN0YXRlIGJldHdlZW4gc2V0dGluZyBDQUNIRV9QRU5ESU5HIGFuZCB0
aGUgdXBjYWxsLgo+ID4gICAgVGhlIHVwY2FsbCBzaG91bGQgYmUgZG9uZSBvbmx5LCBpZiBz
dGlsbCBuZWNlc3NhcnkuCj4gPiAgICBUaGlzIG9uZSBjb3VsZCBiZSBjb21iaW5lZCB3aXRo
IGEgbmV3IGJpdCBpbiB0aGUgZW50cnkncyBzdGF0ZSwgdGhhdCBpcwo+ID4gICAgc2V0IGlm
IGEgdmFsaWQgZW50cnkgaXMgdXBkYXRlZCAodGhhdCBpczogcmVwbGFjZWQpLiBDaGVja2lu
ZyB0aGlzCj4gPiAgICBiaXQgYWxzbyBpbW1lZGlhdGVseSBiZWZvcmUgY2FjaGVfbWFrZV91
cGNhbGwoKSBpcyBjYWxsZWQgd291bGQKPiA+ICAgIGFsc28gZml4IG15IHNlY29uZCBzY2Vu
YXJpbyBmdWxseSBpbiB0aGF0IGl0IGF2b2lkcyB1bm5lY2Vzc2FyeQo+ID4gICAgdXBjYWxs
cy4KPiAKPiBSZXBlYXRpbmcgdGhlIHRlc3RzIGFmdGVyIHNldHRpbmcgQ0FDSEVfUEVORElO
RyB3b3VsZG4ndCBodXJ0LCBidXQgaW4gYWxtb3N0Cj4gYWxsIGNhc2VzIGl0IHdvdWxkbid0
IGhlbHAgZWl0aGVyLiAgVGhlIHJhY2VzIHRoYXQgY291bGQgcmVzdWx0IGluIGEgc2Vjb25k
Cj4gdW5uZWNlc3NhcnkgdXAtY2FsbCBhcmUgZXh0cmVtZWx5IHVubGlrZWx5LiAgU28gSSB0
aGluayB0aGUgYmVzdCBhcHByb2FjaCBpcwo+IG5vdCB0cnlpbmcgdG8gYXZvaWQgdGhlbSwg
YnV0IG1ha2luZyBzdXJlIHRoYXQgdGhleSBkb24ndCBjYXVzZSBhbnkgaGFybS4KPiBUaGlz
IGlzIGJlc3QgZG9uZSB3aXRoIHNhZmUgcHJvZ3JhbW1pbmcgcHJhY3RpY2VzLCBsaWtlIHRo
ZSAibGFzdCBvbmUgb3V0Cj4gdHVybnMgb3V0IHRoZSBsaWdodHMiIHBhdHRlcm4uICAKClRo
ZSByYWNlcyBJJ3ZlIGZvdW5kIHdlcmUgYSBjb25zZXF1ZW5jZSBvZiB0d28gdGhyZWFkcyBj
YWxsaW5nIGNhY2hlX2lzX3ZhbGlkKCkKY29uY3VycmVudGx5IGFuZCB0aHVzIGJvdGggdHJ5
aW5nIHRvIG1ha2UgYW4gdXBjYWxsLiBUaGUgZmlyc3QgdGhyZWFkIHNldHMKQ0FDSEVfUEVO
RElORyBhbmQgdHJpZXMgdGhlIHVwY2FsbC4gVGhlIHNlY29uZCB0aHJlYWQgY2FuIGRvIGl0
cyB1cGNhbGwgb25seSwKYWZ0ZXIgQ0FDSEVfUEVORElORyB3YXMgcmVzZXQgYWdhaW4gKHdo
aWNoIGNhbiBiZSBkb25lIGJ5IHRoZSBmaXJzdCB0aHJlYWQKaXRzZWxmIGlmIHRoZSB1cGNh
bGwgZmFpbGVkLCBvciBieSBhIHJlYWRlciBpZiB0aGUgdXBjYWxsIGlzIGFuc3dlcmVkKS4K
SW4gdGhpcyBjYXNlLCBhZnRlciB0aGUgc2Vjb25kIHRocmVhZCBoYXMgc2V0IENBQ0hFX1BF
TkRJTkcgaXRzZWxmLCB0aGUgc3RhdGUKb2YgdGhlIGNhY2hlIGVudHJ5IHdpbGwgaGF2ZSBj
aGFuZ2VkLiBTbywgcmVjaGVja2luZyB0aGUgc3RhdGUgY2FuIGF2b2lkIHRoZQpzZWNvbmQg
dXBjYWxsIGFuZCB0aHVzIGFsc28gYXZvaWQgdGhlIHBvc3NpYmlsaXR5IG9mIHJhY2VzLgoK
PiBUaGUgInJldHVybiIgd2hpY2ggSSBzdWdnZXN0IHJlbW92aW5nIGlzIHJlYWxseSBhIHBy
ZW1hdHVyZSBvcHRpbWlzYXRpb24KPiB3aGljaCBzaG91bGQgbmV2ZXIgaGF2ZSBiZWVuIGlu
Y2x1ZGVkLiAgV2l0aG91dCBpdCB3ZSBzaG91bGQgYmUgY29tcGxldGVseQo+IHNhZmUuCgpG
b3IgdGhlIG9sZCBtZXRob2Qgb2YgYW4gZW5xdWV1ZWluZyAvIGRlcXVldWVpbmcgaGFuZHNo
YWtlIEkgdGhpbmsgaXQgd2FzCmZpbmUuCgo+IAo+ID8/CgpBRkFJQ1MsIHlvdXIgbmV3ZXN0
IHBhdGNoZXMgdGhhdCByZW1vdmUgdGhlICJyZXR1cm4iIHNob3VsZCBiZSBmaW5lLgpVbmZv
cnR1bmF0ZWx5LCBJIGNhbid0IHRlc3QgaXQsIGFzIG91ciBzZXR1cCBpcyBiYXNlZCBvbiBh
IFNMRVMxMSBTUDEsCndoaWNoIGNhbid0IGJlIGNoYW5nZWQgd2l0aG91dCBjaGFuZ2luZyBh
IGxvdCBvZiBvdGhlciBTVyBhbHNvLgpUaHVzLCBJJ2xsIHRyeSB0byBiYWNrcG9ydCB0aGUg
cGF0Y2hlcyBhbmQgZG8gYSB0ZXN0LgoKQm9kbwoKPiAKPiBOZWlsQnJvd24KPiAK

[PATCH 0/2] two fixes for races in SUNRPC. - Take 2.

[NeilBrown]

hi,
 these two patches fix (I believe) the races recently reported
by Bodo Stroesser.

This version removes the 'return' from cache_deqeue() as discussed.

Thanks,
NeilBrown


---

NeilBrown (2):
      sunrpc/cache: remove races with queuing an upcall.
      sunrpc/cache: use cache_fresh_unlocked consistently and correctly.


 net/sunrpc/cache.c |   37 +++++++++++++++++++++----------------
 1 file changed, 21 insertions(+), 16 deletions(-)

-- 
Signature

[PATCH 1/2] sunrpc/cache: remove races with queuing an upcall.

[NeilBrown]

We currently queue an upcall after setting CACHE_PENDING,
and dequeue after clearing CACHE_PENDING.
So a request should only be present when CACHE_PENDING is set.

However we don't combine the test and the enqueue/dequeue in
a protected region, so it is possible (if unlikely) for a race
to result in a request being queued without CACHE_PENDING set,
or a request to be absent despite CACHE_PENDING.

So: include a test for CACHE_PENDING inside the regions of
enqueue and dequeue where queue_lock is held, and abort
the operation if the value is not as expected.

Also remove the 'return' from cache_dequeue() to ensure it always
removes all entries:  As there is no locking between setting
CACHE_PENDING and calling sunrpc_cache_pipe_upcall it is not
inconceivable for some other thread to clear CACHE_PENDING and then
someone else to set it can call sunrpc_cache_pipe_upcall, both before
the original thread completed the call.

With this, it perfectly safe and correct to:
 - call cache_dequeue() if and only if we have just
   cleared CACHE_PENDING
 - call sunrpc_cache_pipe_upcall() (via cache_make_upcall)
   if and only if we have just set CACHE_PENDING.

Reported-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
Signed-off-by: NeilBrown <neilb@suse.de>
---
 net/sunrpc/cache.c |   17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c
index 9afa439..0400a92 100644
--- a/net/sunrpc/cache.c
+++ b/net/sunrpc/cache.c
@@ -1022,6 +1022,9 @@ static void cache_dequeue(struct cache_detail *detail, struct cache_head *ch)
 			struct cache_request *cr = container_of(cq, struct cache_request, q);
 			if (cr->item != ch)
 				continue;
+			if (test_bit(CACHE_PENDING, &ch->flags))
+				/* Lost a race and it is pending again */
+				break;
 			if (cr->readers != 0)
 				continue;
 			list_del(&cr->q.list);
@@ -1029,7 +1032,6 @@ static void cache_dequeue(struct cache_detail *detail, struct cache_head *ch)
 			cache_put(cr->item, detail);
 			kfree(cr->buf);
 			kfree(cr);
-			return;
 		}
 	spin_unlock(&queue_lock);
 }
@@ -1151,6 +1153,7 @@ int sunrpc_cache_pipe_upcall(struct cache_detail *detail, struct cache_head *h,
 	struct cache_request *crq;
 	char *bp;
 	int len;
+	int ret = 0;
 
 	if (!cache_listeners_exist(detail)) {
 		warn_no_listener(detail);
@@ -1182,10 +1185,18 @@ int sunrpc_cache_pipe_upcall(struct cache_detail *detail, struct cache_head *h,
 	crq->len = PAGE_SIZE - len;
 	crq->readers = 0;
 	spin_lock(&queue_lock);
-	list_add_tail(&crq->q.list, &detail->queue);
+	if (test_bit(CACHE_PENDING, &h->flags))
+		list_add_tail(&crq->q.list, &detail->queue);
+	else
+		/* Lost a race, no longer PENDING, so don't enqueue */
+		ret = -EAGAIN;
 	spin_unlock(&queue_lock);
 	wake_up(&queue_wait);
-	return 0;
+	if (ret == -EAGAIN) {
+		kfree(buf);
+		kfree(crq);
+	}
+	return ret;
 }
 EXPORT_SYMBOL_GPL(sunrpc_cache_pipe_upcall);
 

Re: [PATCH 1/2] sunrpc/cache: remove races with queuing an upcall.

[Bodo Stroesser]

T24gMjYgRmViIDIwMTMgMDc6Mzc6MDAgKzAxMDAgTmVpbEJyb3duIDxuZWlsYkBzdXNlLmRl
PiB3cm90ZToKCj4gV2UgY3VycmVudGx5IHF1ZXVlIGFuIHVwY2FsbCBhZnRlciBzZXR0aW5n
IENBQ0hFX1BFTkRJTkcsIGFuZCBkZXF1ZXVlIGFmdGVyIGNsZWFyaW5nIENBQ0hFX1BFTkRJ
TkcuCj4gU28gYSByZXF1ZXN0IHNob3VsZCBvbmx5IGJlIHByZXNlbnQgd2hlbiBDQUNIRV9Q
RU5ESU5HIGlzIHNldC4KPiAKPiBIb3dldmVyIHdlIGRvbid0IGNvbWJpbmUgdGhlIHRlc3Qg
YW5kIHRoZSBlbnF1ZXVlL2RlcXVldWUgaW4gYSBwcm90ZWN0ZWQgcmVnaW9uLCBzbyBpdCBp
cyBwb3NzaWJsZSAoaWYgdW5saWtlbHkpIGZvciBhIHJhY2UgdG8gcmVzdWx0IGluIGEgcmVx
dWVzdCBiZWluZyBxdWV1ZWQgd2l0aG91dCBDQUNIRV9QRU5ESU5HIHNldCwgb3IgYSByZXF1
ZXN0IHRvIGJlIGFic2VudCBkZXNwaXRlIENBQ0hFX1BFTkRJTkcuCj4gCj4gU286IGluY2x1
ZGUgYSB0ZXN0IGZvciBDQUNIRV9QRU5ESU5HIGluc2lkZSB0aGUgcmVnaW9ucyBvZiBlbnF1
ZXVlIGFuZCBkZXF1ZXVlIHdoZXJlIHF1ZXVlX2xvY2sgaXMgaGVsZCwgYW5kIGFib3J0IHRo
ZSBvcGVyYXRpb24gaWYgdGhlIHZhbHVlIGlzIG5vdCBhcyBleHBlY3RlZC4KPiAKPiBXaXRo
IHRoaXMsIGl0IHBlcmZlY3RseSBzYWZlIGFuZCBjb3JyZWN0IHRvOgo+ICAtIGNhbGwgY2Fj
aGVfZGVxdWV1ZSgpIGlmIGFuZCBvbmx5IGlmIHdlIGhhdmUganVzdAo+ICAgIGNsZWFyZWQg
Q0FDSEVfUEVORElORwo+ICAtIGNhbGwgc3VucnBjX2NhY2hlX3BpcGVfdXBjYWxsKCkgKHZp
YSBjYWNoZV9tYWtlX3VwY2FsbCkKPiAgICBpZiBhbmQgb25seSBpZiB3ZSBoYXZlIGp1c3Qg
c2V0IENBQ0hFX1BFTkRJTkcuCj4gCj4gUmVwb3J0ZWQtYnk6IEJvZG8gU3Ryb2Vzc2VyIDxi
c3Ryb2Vzc2VyQHRzLmZ1aml0c3UuY29tPgo+IFNpZ25lZC1vZmYtYnk6IE5laWxCcm93biA8
bmVpbGJAc3VzZS5kZT4KClNvcnJ5LCBJIGRvbid0IGFncmVlIHdpdGggdGhpcyBwYXRjaCwg
YXMgaXQgZml4ZXMgdGhlIGZpcnN0IHNjZW5hcmlvIG9mIG15IG1haWwKZnJvbSAyNCBGZWIg
MjAxMywgYnV0IEFGQUlDUyBjaGFuZ2VzIHRoZSBzZWNvbmQgb25lICh3aGljaCBoYXMgYmVl
biBhIG1pbm9yCnBvaW50IHRoYXQgZGlkbid0IG5lZWQgZml4aW5nIG5lY2Vzc2FyaWx5KSB0
byBhIG1lbW9yeSBsZWFrLgoKSSdsbCB0cnkgdG8gZXhwYWluIG15IGRvdWJ0czoKCkFnYWlu
LCBhc3N1bWUgdHdvIHRocmVhZHMgY2FsbGluZyBjYWNoZV9jaGVjaygpIGNvbmN1cnJlbnRs
eSBmb3IgdGhlIHNhbWUgY2FjaGUKZW50cnkgb2YgYSBjYWNoZSB0aGF0IGhhcyBhIHJlYWRl
ci4KQm90aCB0aHJlYWRzIGdldCByZXN1bHQgLUVBR0FJTiBmcm9tIGNhY2hlX2lzX3ZhbGlk
KCkuIFRoZSBzZWNvbmQgdGhyZWFkIGF0IHRoYXQKbW9tZW50IGlzIGludGVycnVwdGVkIGFu
ZCBzdXNwZW5kZWQgZm9yIGEgd2hpbGUuClRoZSBmaXJzdCB0aHJlYWQgc2V0cyBDQUNIRV9Q
RU5ESU5HIGFuZCBxdWV1ZXMgYW4gdXBjYWxsIHJlcXVlc3QgYW5kIHNsZWVwcwp3YWl0aW5n
IGZvciB0aGUgcmVwbHkuClRoZSByZWFkZXIgcmVhZHMgdGhlIHJlcXVlc3QgYW5kIHJlcGxp
ZXMgYWNjb3JkaW5nbHkuIEluIHN1bnJwY19jYWNoZV91cGRhdGUoKQp0aGUgcmVhZGVyIGNo
YW5nZXMgdGhlIGVudHJ5IHRvIENBQ0hFX1ZBTElEIGFuZCBjYWxscyBjYWNoZV9mcmVzaF91
bmxvY2tlZCgpLgpJbiBjYWNoZV9mcmVzaF91bmxvY2tlZCgpIGl0IHJlc2V0cyBDQUNIRV9Q
RU5ESU5HLiBBdCB0aGlzIG1vbWVudCBpdCBpcwppbnRlcnJ1cHRlZCBhbmQgc3VzcGVuZGVk
LgpOb3cgdGhlIHNlY29uZCB0aHJlYWQgd2FrZXMgdXAsIHNldHMgQ0FDSEVfUEVORElORyBh
Z2FpbiBhbmQgcXVldWVzIGEgbmV3IHVwY2FsbApyZXF1ZXN0LgpUaGUgcmVhZGVyIHdha2Vz
IHVwIGFuZCBzZWVzLCB0aGF0IENBQ0hFX1BFTkRJTkcgaXMgc2V0IGFnYWluIGFuZCBkb2Vz
IG5vdApkZXF1ZXVlIHRoZSBvbGQgcmVxdWVzdC4gLS0+IG1lbW9yeSBsZWFrICg/KQoKSW4g
bXkgb3BpbmlvbiwgdGhlcmUgYXJlIHR3byBwb3NzaWJsZSBmaXhlcyB0aGF0IGNvdWxkIHJl
cGxhY2UgdGhpcyBwYXRjaDoKCjEpIERvbid0IGNhbGwgY2FjaGVfZGVxdWV1ZSgpIGZyb20g
Y2FjaGVfY2hlY2soKS4gVHJ5aW5nIHRvIGRlcXVldWUgc29tZXRoaW5nCiAgIGV2ZW4gaWYg
d2Uga25vdywgdGhhdCB3ZSBoYXZlbid0IHF1ZXVlZCwgbG9va3Mgc3RyYW5nZSB0byBtZS4g
KEFuZCB5ZXMsIEkKICAgdW5kZXJzdGFuZCB0aGUgcmVhc29uLCB3aHkgeW91IGRvbid0IGxp
a2UgaXQsIGJ1dCBuZXZlcnRoZWxlc3MgSSBjb25zaWRlcgogICB0aGlzIHRoZSBiZXN0IHNv
bHV0aW9uLikKICAgVGhpcyBvbmUgd291bGQgZml4IG15IGZpcnN0IHNjZW5hcmlvcCBvbmx5
LCBidXQgbm90IHRoZSBzZWNvbmQuCgoyKSBJIHRoaW5rLCB0aGUgc3RhcnRpbmcgcG9pbnQg
b2YgYWxsIHRyb3VibGUgaXMgaW4gY2FjaGVfY2hlY2soKS4KICAgQ3VycmVudGx5LCBpZiBh
IHRocmVhZCBoYXMgc2V0IENBQ0hFX1BFTkRJTkcsIGlzIHdvcmtzIHVzaW5nIGEgCiAgIHBv
c3NpYmx5IG5vIGxvbmdlciB2YWxpZCBzdGF0ZSBvZiB0aGUgY2FjaGUgZW50cnkgKHJ2KS4K
ICAgQUZBSUNTLCBpdCB3b3VsZCBmaXggbW9zdCBvZiB0aGUgcHJvYmxlbXMgdG8gcmUtY2hl
Y2sgdGhlCiAgIGNhY2hlIGVudHJ5J3Mgc3RhdGUgYmV0d2VlbiBzZXR0aW5nIENBQ0hFX1BF
TkRJTkcgYW5kIHRoZSB1cGNhbGwuCiAgIFRoZSB1cGNhbGwgc2hvdWxkIGJlIGRvbmUgb25s
eSwgaWYgc3RpbGwgbmVjZXNzYXJ5LgogICBUaGlzIG9uZSBjb3VsZCBiZSBjb21iaW5lZCB3
aXRoIGEgbmV3IGJpdCBpbiB0aGUgZW50cnkncyBzdGF0ZSwgdGhhdCBpcwogICBzZXQgaWYg
YSB2YWxpZCBlbnRyeSBpcyB1cGRhdGVkICh0aGF0IGlzOiByZXBsYWNlZCkuIENoZWNraW5n
IHRoaXMKICAgYml0IGFsc28gaW1tZWRpYXRlbHkgYmVmb3JlIGNhY2hlX21ha2VfdXBjYWxs
KCkgaXMgY2FsbGVkIHdvdWxkCiAgIGFsc28gZml4IG15IHNlY29uZCBzY2VuYXJpbyBmdWxs
eSBpbiB0aGF0IGl0IGF2b2lkcyB1bm5lY2Vzc2FyeQogICB1cGNhbGxzLgoKQm9kbwoKCgo+
IC0tLQo+ICBuZXQvc3VucnBjL2NhY2hlLmMgfCAgIDE2ICsrKysrKysrKysrKysrLS0KPiAg
MSBmaWxlIGNoYW5nZWQsIDE0IGluc2VydGlvbnMoKyksIDIgZGVsZXRpb25zKC0pCj4gCj4g
ZGlmZiAtLWdpdCBhL25ldC9zdW5ycGMvY2FjaGUuYyBiL25ldC9zdW5ycGMvY2FjaGUuYyBp
bmRleCA5YWZhNDM5Li5iNDhjOGVmIDEwMDY0NAo+IC0tLSBhL25ldC9zdW5ycGMvY2FjaGUu
Ywo+ICsrKyBiL25ldC9zdW5ycGMvY2FjaGUuYwo+IEBAIC0xMDIyLDYgKzEwMjIsOSBAQCBz
dGF0aWMgdm9pZCBjYWNoZV9kZXF1ZXVlKHN0cnVjdCBjYWNoZV9kZXRhaWwgKmRldGFpbCwg
c3RydWN0IGNhY2hlX2hlYWQgKmNoKQo+ICAJCQlzdHJ1Y3QgY2FjaGVfcmVxdWVzdCAqY3Ig
PSBjb250YWluZXJfb2YoY3EsIHN0cnVjdCBjYWNoZV9yZXF1ZXN0LCBxKTsKPiAgCQkJaWYg
KGNyLT5pdGVtICE9IGNoKQo+ICAJCQkJY29udGludWU7Cj4gKwkJCWlmICh0ZXN0X2JpdChD
QUNIRV9QRU5ESU5HLCAmY2gtPmZsYWdzKSkKPiArCQkJCS8qIExvc3QgYSByYWNlIGFuZCBp
dCBpcyBwZW5kaW5nIGFnYWluICovCj4gKwkJCQlicmVhazsKPiAgCQkJaWYgKGNyLT5yZWFk
ZXJzICE9IDApCj4gIAkJCQljb250aW51ZTsKPiAgCQkJbGlzdF9kZWwoJmNyLT5xLmxpc3Qp
Owo+IEBAIC0xMTUxLDYgKzExNTQsNyBAQCBpbnQgc3VucnBjX2NhY2hlX3BpcGVfdXBjYWxs
KHN0cnVjdCBjYWNoZV9kZXRhaWwgKmRldGFpbCwgc3RydWN0IGNhY2hlX2hlYWQgKmgsCj4g
IAlzdHJ1Y3QgY2FjaGVfcmVxdWVzdCAqY3JxOwo+ICAJY2hhciAqYnA7Cj4gIAlpbnQgbGVu
Owo+ICsJaW50IHJldCA9IDA7Cj4gIAo+ICAJaWYgKCFjYWNoZV9saXN0ZW5lcnNfZXhpc3Qo
ZGV0YWlsKSkgewo+ICAJCXdhcm5fbm9fbGlzdGVuZXIoZGV0YWlsKTsKPiBAQCAtMTE4Miwx
MCArMTE4NiwxOCBAQCBpbnQgc3VucnBjX2NhY2hlX3BpcGVfdXBjYWxsKHN0cnVjdCBjYWNo
ZV9kZXRhaWwgKmRldGFpbCwgc3RydWN0IGNhY2hlX2hlYWQgKmgsCj4gIAljcnEtPmxlbiA9
IFBBR0VfU0laRSAtIGxlbjsKPiAgCWNycS0+cmVhZGVycyA9IDA7Cj4gIAlzcGluX2xvY2so
JnF1ZXVlX2xvY2spOwo+IC0JbGlzdF9hZGRfdGFpbCgmY3JxLT5xLmxpc3QsICZkZXRhaWwt
PnF1ZXVlKTsKPiArCWlmICh0ZXN0X2JpdChDQUNIRV9QRU5ESU5HLCAmaC0+ZmxhZ3MpKQo+
ICsJCWxpc3RfYWRkX3RhaWwoJmNycS0+cS5saXN0LCAmZGV0YWlsLT5xdWV1ZSk7Cj4gKwll
bHNlCj4gKwkJLyogTG9zdCBhIHJhY2UsIG5vIGxvbmdlciBQRU5ESU5HLCBzbyBkb24ndCBl
bnF1ZXVlICovCj4gKwkJcmV0ID0gLUVBR0FJTjsKPiAgCXNwaW5fdW5sb2NrKCZxdWV1ZV9s
b2NrKTsKPiAgCXdha2VfdXAoJnF1ZXVlX3dhaXQpOwo+IC0JcmV0dXJuIDA7Cj4gKwlpZiAo
cmV0ID09IC1FQUdBSU4pIHsKPiArCQlrZnJlZShidWYpOwo+ICsJCWtmcmVlKGNycSk7Cj4g
Kwl9Cj4gKwlyZXR1cm4gcmV0Owo+ICB9Cj4gIEVYUE9SVF9TWU1CT0xfR1BMKHN1bnJwY19j
YWNoZV9waXBlX3VwY2FsbCk7Cj4gIAo+IAo=

[PATCH 0/2] two fixes for races in SUNRPC.

[NeilBrown]

hi,
 these two patches fix (I believe) the races recently reported
by Bodo Stroesser.

Thanks,
NeilBrown

---

NeilBrown (2):
      sunrpc/cache: remove races with queuing an upcall.
      sunrpc/cache: use cache_fresh_unlocked consistently and correctly.


 net/sunrpc/cache.c |   36 +++++++++++++++++++++---------------
 1 file changed, 21 insertions(+), 15 deletions(-)

-- 
Signature

[PATCH 1/2] sunrpc/cache: remove races with queuing an upcall.

[NeilBrown]

We currently queue an upcall after setting CACHE_PENDING,
and dequeue after clearing CACHE_PENDING.
So a request should only be present when CACHE_PENDING is set.

However we don't combine the test and the enqueue/dequeue in
a protected region, so it is possible (if unlikely) for a race
to result in a request being queued without CACHE_PENDING set,
or a request to be absent despite CACHE_PENDING.

So: include a test for CACHE_PENDING inside the regions of
enqueue and dequeue where queue_lock is held, and abort
the operation if the value is not as expected.

With this, it perfectly safe and correct to:
 - call cache_dequeue() if and only if we have just
   cleared CACHE_PENDING
 - call sunrpc_cache_pipe_upcall() (via cache_make_upcall)
   if and only if we have just set CACHE_PENDING.

Reported-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
Signed-off-by: NeilBrown <neilb@suse.de>
---
 net/sunrpc/cache.c |   16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/net/sunrpc/cache.c b/net/sunrpc/cache.c
index 9afa439..b48c8ef 100644
--- a/net/sunrpc/cache.c
+++ b/net/sunrpc/cache.c
@@ -1022,6 +1022,9 @@ static void cache_dequeue(struct cache_detail *detail, struct cache_head *ch)
 			struct cache_request *cr = container_of(cq, struct cache_request, q);
 			if (cr->item != ch)
 				continue;
+			if (test_bit(CACHE_PENDING, &ch->flags))
+				/* Lost a race and it is pending again */
+				break;
 			if (cr->readers != 0)
 				continue;
 			list_del(&cr->q.list);
@@ -1151,6 +1154,7 @@ int sunrpc_cache_pipe_upcall(struct cache_detail *detail, struct cache_head *h,
 	struct cache_request *crq;
 	char *bp;
 	int len;
+	int ret = 0;
 
 	if (!cache_listeners_exist(detail)) {
 		warn_no_listener(detail);
@@ -1182,10 +1186,18 @@ int sunrpc_cache_pipe_upcall(struct cache_detail *detail, struct cache_head *h,
 	crq->len = PAGE_SIZE - len;
 	crq->readers = 0;
 	spin_lock(&queue_lock);
-	list_add_tail(&crq->q.list, &detail->queue);
+	if (test_bit(CACHE_PENDING, &h->flags))
+		list_add_tail(&crq->q.list, &detail->queue);
+	else
+		/* Lost a race, no longer PENDING, so don't enqueue */
+		ret = -EAGAIN;
 	spin_unlock(&queue_lock);
 	wake_up(&queue_wait);
-	return 0;
+	if (ret == -EAGAIN) {
+		kfree(buf);
+		kfree(crq);
+	}
+	return ret;
 }
 EXPORT_SYMBOL_GPL(sunrpc_cache_pipe_upcall);