• David Howells's avatar
    afs: Fix race in async call refcounting · 12a072a0
    David Howells authored
    [ Upstream commit 34fa4761 ]
    
    There's a race between afs_make_call() and afs_wake_up_async_call() in the
    case that an error is returned from rxrpc_kernel_send_data() after it has
    queued the final packet.
    
    afs_make_call() will try and clean up the mess, but the call state may have
    been moved on thereby causing afs_process_async_call() to also try and to
    delete the call.
    
    Fix this by:
    
     (1) Getting an extra ref for an asynchronous call for the call itself to
         hold.  This makes sure the call doesn't evaporate on us accidentally
         and will allow the call to be retained by the caller in a future
         patch.  The ref is released on leaving afs_make_call() or
         afs_wait_for_call_to_complete().
    
     (2) In the event of an error from rxrpc_kernel_send_data():
    
         (a) Don't set the call state to AFS_CALL_COMPLETE until *after* the
         	 call has been aborted and ended.  This prevents
         	 afs_deliver_to_call() from doing anything with any notifications
         	 it gets.
    
         (b) Explicitly end the call immediately to prevent further callbacks.
    
         (c) Cancel any queued async_work and wait for the work if it's
         	 executing.  This allows us to be sure the race won't recur when we
         	 change the state.  We put the work queue's ref on the call if we
         	 managed to cancel it.
    
         (d) Put the call's ref that we got in (1).  This belongs to us as long
         	 as the call is in state AFS_CALL_CL_REQUESTING.
    
    Fixes: 341f741f ("afs: Refcount the afs_call struct")
    Signed-off-by: 's avatarDavid Howells <dhowells@redhat.com>
    Signed-off-by: 's avatarSasha Levin <sashal@kernel.org>
    12a072a0
Name
Last commit
Last update
..
9p Loading commit data...
adfs Loading commit data...
affs Loading commit data...
afs Loading commit data...
autofs Loading commit data...
befs Loading commit data...
bfs Loading commit data...
btrfs Loading commit data...
cachefiles Loading commit data...
ceph Loading commit data...
cifs Loading commit data...
coda Loading commit data...
configfs Loading commit data...
cramfs Loading commit data...
crypto Loading commit data...
debugfs Loading commit data...
devpts Loading commit data...
dlm Loading commit data...
ecryptfs Loading commit data...
efivarfs Loading commit data...
efs Loading commit data...
exofs Loading commit data...
exportfs Loading commit data...
ext2 Loading commit data...
ext4 Loading commit data...
f2fs Loading commit data...
fat Loading commit data...
freevxfs Loading commit data...
fscache Loading commit data...
fuse Loading commit data...
gfs2 Loading commit data...
hfs Loading commit data...
hfsplus Loading commit data...
hostfs Loading commit data...
hpfs Loading commit data...
hugetlbfs Loading commit data...
isofs Loading commit data...
jbd2 Loading commit data...
jffs2 Loading commit data...
jfs Loading commit data...
kernfs Loading commit data...
lockd Loading commit data...
minix Loading commit data...
nfs Loading commit data...
nfs_common Loading commit data...
nfsd Loading commit data...
nilfs2 Loading commit data...
nls Loading commit data...
notify Loading commit data...
ntfs Loading commit data...
ocfs2 Loading commit data...
omfs Loading commit data...
openpromfs Loading commit data...
orangefs Loading commit data...
overlayfs Loading commit data...
proc Loading commit data...
pstore Loading commit data...
qnx4 Loading commit data...
qnx6 Loading commit data...
quota Loading commit data...
ramfs Loading commit data...
reiserfs Loading commit data...
romfs Loading commit data...
squashfs Loading commit data...
sysfs Loading commit data...
sysv Loading commit data...
tracefs Loading commit data...
ubifs Loading commit data...
udf Loading commit data...
ufs Loading commit data...
xfs Loading commit data...
Kconfig Loading commit data...
Kconfig.binfmt Loading commit data...
Makefile Loading commit data...
aio.c Loading commit data...
anon_inodes.c Loading commit data...
attr.c Loading commit data...
bad_inode.c Loading commit data...
binfmt_aout.c Loading commit data...
binfmt_elf.c Loading commit data...
binfmt_elf_fdpic.c Loading commit data...
binfmt_em86.c Loading commit data...
binfmt_flat.c Loading commit data...
binfmt_misc.c Loading commit data...
binfmt_script.c Loading commit data...
block_dev.c Loading commit data...
buffer.c Loading commit data...
char_dev.c Loading commit data...
compat.c Loading commit data...
compat_binfmt_elf.c Loading commit data...
compat_ioctl.c Loading commit data...
coredump.c Loading commit data...
d_path.c Loading commit data...
dax.c Loading commit data...
dcache.c Loading commit data...
dcookies.c Loading commit data...
direct-io.c Loading commit data...
drop_caches.c Loading commit data...
eventfd.c Loading commit data...
eventpoll.c Loading commit data...
exec.c Loading commit data...
fcntl.c Loading commit data...
fhandle.c Loading commit data...
file.c Loading commit data...
file_table.c Loading commit data...
filesystems.c Loading commit data...
fs-writeback.c Loading commit data...
fs_pin.c Loading commit data...
fs_struct.c Loading commit data...
inode.c Loading commit data...
internal.h Loading commit data...
ioctl.c Loading commit data...
iomap.c Loading commit data...
libfs.c Loading commit data...
locks.c Loading commit data...
mbcache.c Loading commit data...
mount.h Loading commit data...
mpage.c Loading commit data...
namei.c Loading commit data...
namespace.c Loading commit data...
no-block.c Loading commit data...
nsfs.c Loading commit data...
open.c Loading commit data...
pipe.c Loading commit data...
pnode.c Loading commit data...
pnode.h Loading commit data...
posix_acl.c Loading commit data...
proc_namespace.c Loading commit data...
read_write.c Loading commit data...
readdir.c Loading commit data...
select.c Loading commit data...
seq_file.c Loading commit data...
signalfd.c Loading commit data...
splice.c Loading commit data...
stack.c Loading commit data...
stat.c Loading commit data...
statfs.c Loading commit data...
super.c Loading commit data...
sync.c Loading commit data...
timerfd.c Loading commit data...
userfaultfd.c Loading commit data...
utimes.c Loading commit data...
xattr.c Loading commit data...