diff options
author | Simon Derr <simon.derr@bull.net> | 2012-09-17 15:16:28 +0200 |
---|---|---|
committer | Eric Van Hensbergen <ericvh@gmail.com> | 2012-09-17 14:54:11 -0500 |
commit | 0462194d358c2e040282d4d1a4fd1aab84417e42 (patch) | |
tree | b89845ce0e5bccbbf681b12e07cc4d4c72105c2c /net/9p | |
parent | e549c1337133e85a6d6bc868d2d141a61a80975c (diff) | |
download | op-kernel-dev-0462194d358c2e040282d4d1a4fd1aab84417e42.zip op-kernel-dev-0462194d358c2e040282d4d1a4fd1aab84417e42.tar.gz |
9P: Fix race in p9_read_work()
Race scenario between p9_read_work() and p9_poll_mux()
Data arrive, Rworksched is set, p9_read_work() is called.
thread A thread B
p9_read_work()
.
reads data
.
checks if new data ready. No.
.
gets preempted
.
More data arrive, p9_poll_mux() is called. .
.
.
p9_poll_mux() .
.
if (!test_and_set_bit(Rworksched, .
&m->wsched)) { .
schedule_work(&m->rq); .
} .
.
-> does not schedule work because .
Rworksched is set .
.
clear_bit(Rworksched, &m->wsched);
return;
No work has been scheduled, and yet data are waiting.
Currently p9_read_work() checks if there is data to read,
and if not, it clears Rworksched.
I think it should clear Rworksched first, and then check if there is data to read.
Signed-off-by: Simon Derr <simon.derr@bull.net>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
Diffstat (limited to 'net/9p')
-rw-r--r-- | net/9p/trans_fd.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c index 6449bae..de1bbad 100644 --- a/net/9p/trans_fd.c +++ b/net/9p/trans_fd.c @@ -316,8 +316,7 @@ static void p9_read_work(struct work_struct *work) m->rsize - m->rpos); p9_debug(P9_DEBUG_TRANS, "mux %p got %d bytes\n", m, err); if (err == -EAGAIN) { - clear_bit(Rworksched, &m->wsched); - return; + goto end_clear; } if (err <= 0) @@ -379,19 +378,20 @@ static void p9_read_work(struct work_struct *work) m->req = NULL; } +end_clear: + clear_bit(Rworksched, &m->wsched); + if (!list_empty(&m->req_list)) { if (test_and_clear_bit(Rpending, &m->wsched)) n = POLLIN; else n = p9_fd_poll(m->client, NULL); - if (n & POLLIN) { + if ((n & POLLIN) && !test_and_set_bit(Rworksched, &m->wsched)) { p9_debug(P9_DEBUG_TRANS, "sched read work %p\n", m); schedule_work(&m->rq); - } else - clear_bit(Rworksched, &m->wsched); - } else - clear_bit(Rworksched, &m->wsched); + } + } return; error: |