rpc: gss: fix a kmap_atomic race in krb5 code

This code is never called from interrupt context; it's always run by either a user thread or rpciod. So KM_SKB_SUNRPC_DATA is inappropriate here. Thanks to Aimé Le Rouzic for capturing an oops which showed the kernel taking an interrupt while we were in this piece of code, resulting in a nested kmap_atomic(.,KM_SKB_SUNRPC_DATA) call from xdr_partial_copy_from_skb(). Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

rpc: gss: fix a kmap_atomic race in krb5 code
This code is never called from interrupt context; it's always run by either a user thread or rpciod. So KM_SKB_SUNRPC_DATA is inappropriate here. Thanks to Aimé Le Rouzic for capturing an oops which showed the kernel taking an interrupt while we were in this piece of code, resulting in a nested kmap_atomic(.,KM_SKB_SUNRPC_DATA) call from xdr_partial_copy_from_skb(). Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
87d918d6 · J. Bruce Fields · Trond Myklebust · 8fc7500b · 87d918d6
Commit 87d918d6 authored Dec 04, 2006 by J. Bruce Fields Committed by Trond Myklebust Dec 06, 2006
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

net/sunrpc/auth_gss/gss_krb5_wrap.c net/sunrpc/auth_gss/gss_krb5_wrap.c +2 -2

No files found.
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -57,9 +57,9 @@ gss_krb5_remove_padding(struct xdr_buf *buf, int blocksize)
 					>>PAGE_CACHE_SHIFT;
 		int offset = (buf->page_base + len - 1)
 					& (PAGE_CACHE_SIZE - 1);
-		ptr = kmap_atomic(buf->pages[last], KM_SKB_SUNRPC_DATA);
+		ptr = kmap_atomic(buf->pages[last], KM_USER0);
 		pad = *(ptr + offset);
-		kunmap_atomic(ptr, KM_SKB_SUNRPC_DATA);
+		kunmap_atomic(ptr, KM_USER0);
 		goto out;
 	} else
 		len -= buf->page_len;