Commit b1c8d2b4 authored by Jeff Layton's avatar Jeff Layton Committed by Steve French

cifs: handle the TCP_Server_Info->tsk field more carefully

cifs: handle the TCP_Server_Info->tsk field more carefully

We currently handle the TCP_Server_Info->tsk field without any locking,
but with some half-measures to try and prevent races. These aren't
really sufficient though. When taking down cifsd, use xchg() to swap
the contents of the tsk field with NULL so we don't end up trying
to send it more than one signal. Also, don't allow cifsd to exit until
the signal is received if we expect one.
Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent 8d281efb
...@@ -750,6 +750,7 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server) ...@@ -750,6 +750,7 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server)
write_unlock(&GlobalSMBSeslock); write_unlock(&GlobalSMBSeslock);
kfree(server->hostname); kfree(server->hostname);
task_to_wake = xchg(&server->tsk, NULL);
kfree(server); kfree(server);
length = atomic_dec_return(&tcpSesAllocCount); length = atomic_dec_return(&tcpSesAllocCount);
...@@ -757,6 +758,16 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server) ...@@ -757,6 +758,16 @@ cifs_demultiplex_thread(struct TCP_Server_Info *server)
mempool_resize(cifs_req_poolp, length + cifs_min_rcv, mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
GFP_KERNEL); GFP_KERNEL);
/* if server->tsk was NULL then wait for a signal before exiting */
if (!task_to_wake) {
set_current_state(TASK_INTERRUPTIBLE);
while (!signal_pending(current)) {
schedule();
set_current_state(TASK_INTERRUPTIBLE);
}
set_current_state(TASK_RUNNING);
}
return 0; return 0;
} }
...@@ -1846,6 +1857,16 @@ convert_delimiter(char *path, char delim) ...@@ -1846,6 +1857,16 @@ convert_delimiter(char *path, char delim)
} }
} }
static void
kill_cifsd(struct TCP_Server_Info *server)
{
struct task_struct *task;
task = xchg(&server->tsk, NULL);
if (task)
force_sig(SIGKILL, task);
}
int int
cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
char *mount_data, const char *devname) char *mount_data, const char *devname)
...@@ -2233,7 +2254,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, ...@@ -2233,7 +2254,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
spin_lock(&GlobalMid_Lock); spin_lock(&GlobalMid_Lock);
srvTcp->tcpStatus = CifsExiting; srvTcp->tcpStatus = CifsExiting;
spin_unlock(&GlobalMid_Lock); spin_unlock(&GlobalMid_Lock);
force_sig(SIGKILL, srvTcp->tsk); kill_cifsd(srvTcp);
} }
/* If find_unc succeeded then rc == 0 so we can not end */ /* If find_unc succeeded then rc == 0 so we can not end */
if (tcon) /* up accidently freeing someone elses tcon struct */ if (tcon) /* up accidently freeing someone elses tcon struct */
...@@ -2246,19 +2267,15 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, ...@@ -2246,19 +2267,15 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
temp_rc = CIFSSMBLogoff(xid, pSesInfo); temp_rc = CIFSSMBLogoff(xid, pSesInfo);
/* if the socketUseCount is now zero */ /* if the socketUseCount is now zero */
if ((temp_rc == -ESHUTDOWN) && if ((temp_rc == -ESHUTDOWN) &&
(pSesInfo->server) && (pSesInfo->server))
(pSesInfo->server->tsk)) kill_cifsd(pSesInfo->server);
force_sig(SIGKILL,
pSesInfo->server->tsk);
} else { } else {
cFYI(1, ("No session or bad tcon")); cFYI(1, ("No session or bad tcon"));
if ((pSesInfo->server) && if (pSesInfo->server) {
(pSesInfo->server->tsk)) {
spin_lock(&GlobalMid_Lock); spin_lock(&GlobalMid_Lock);
srvTcp->tcpStatus = CifsExiting; srvTcp->tcpStatus = CifsExiting;
spin_unlock(&GlobalMid_Lock); spin_unlock(&GlobalMid_Lock);
force_sig(SIGKILL, kill_cifsd(pSesInfo->server);
pSesInfo->server->tsk);
} }
} }
sesInfoFree(pSesInfo); sesInfoFree(pSesInfo);
...@@ -3545,7 +3562,6 @@ cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb) ...@@ -3545,7 +3562,6 @@ cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
int rc = 0; int rc = 0;
int xid; int xid;
struct cifsSesInfo *ses = NULL; struct cifsSesInfo *ses = NULL;
struct task_struct *cifsd_task;
char *tmp; char *tmp;
xid = GetXid(); xid = GetXid();
...@@ -3561,7 +3577,6 @@ cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb) ...@@ -3561,7 +3577,6 @@ cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
tconInfoFree(cifs_sb->tcon); tconInfoFree(cifs_sb->tcon);
if ((ses) && (ses->server)) { if ((ses) && (ses->server)) {
/* save off task so we do not refer to ses later */ /* save off task so we do not refer to ses later */
cifsd_task = ses->server->tsk;
cFYI(1, ("About to do SMBLogoff ")); cFYI(1, ("About to do SMBLogoff "));
rc = CIFSSMBLogoff(xid, ses); rc = CIFSSMBLogoff(xid, ses);
if (rc == -EBUSY) { if (rc == -EBUSY) {
...@@ -3569,8 +3584,8 @@ cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb) ...@@ -3569,8 +3584,8 @@ cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
return 0; return 0;
} else if (rc == -ESHUTDOWN) { } else if (rc == -ESHUTDOWN) {
cFYI(1, ("Waking up socket by sending signal")); cFYI(1, ("Waking up socket by sending signal"));
if (cifsd_task) if (ses->server)
force_sig(SIGKILL, cifsd_task); kill_cifsd(ses->server);
rc = 0; rc = 0;
} /* else - we have an smb session } /* else - we have an smb session
left on this socket do not kill cifsd */ left on this socket do not kill cifsd */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment