diff options
| author | David Howells <dhowells@redhat.com> | 2020-10-16 13:21:14 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-10-29 10:11:51 +0100 |
| commit | 72ba8ec11f5f9eeb4f58c61a136cb783a3ce84e1 (patch) | |
| tree | 7c831e9eac9cc3dca44bcbeafb6ab77229015c89 /fs | |
| parent | 34a3fc1ec41c92002511109abd2c939a3bb7486a (diff) | |
| download | linux-stable-72ba8ec11f5f9eeb4f58c61a136cb783a3ce84e1.tar.gz linux-stable-72ba8ec11f5f9eeb4f58c61a136cb783a3ce84e1.tar.bz2 linux-stable-72ba8ec11f5f9eeb4f58c61a136cb783a3ce84e1.zip | |
afs: Fix cell removal
[ Upstream commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6 ]
Fix cell removal by inserting a more final state than AFS_CELL_FAILED that
indicates that the cell has been unpublished in case the manager is already
requeued and will go through again. The new AFS_CELL_REMOVED state will
just immediately leave the manager function.
Going through a second time in the AFS_CELL_FAILED state will cause it to
try to remove the cell again, potentially leading to the proc list being
removed.
Fixes: 989782dcdc91 ("afs: Overhaul cell database management")
Reported-by: syzbot+b994ecf2b023f14832c1@syzkaller.appspotmail.com
Reported-by: syzbot+0e0db88e1eb44a91ae8d@syzkaller.appspotmail.com
Reported-by: syzbot+2d0585e5efcd43d113c2@syzkaller.appspotmail.com
Reported-by: syzbot+1ecc2f9d3387f1d79d42@syzkaller.appspotmail.com
Reported-by: syzbot+18d51774588492bf3f69@syzkaller.appspotmail.com
Reported-by: syzbot+a5e4946b04d6ca8fa5f3@syzkaller.appspotmail.com
Suggested-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Hillf Danton <hdanton@sina.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/afs/cell.c | 16 | ||||
| -rw-r--r-- | fs/afs/internal.h | 1 |
2 files changed, 11 insertions, 6 deletions
diff --git a/fs/afs/cell.c b/fs/afs/cell.c index 1944be78e9b0..bc7ed46aaca9 100644 --- a/fs/afs/cell.c +++ b/fs/afs/cell.c @@ -291,11 +291,11 @@ wait_for_cell: wait_var_event(&cell->state, ({ state = smp_load_acquire(&cell->state); /* vs error */ - state == AFS_CELL_ACTIVE || state == AFS_CELL_FAILED; + state == AFS_CELL_ACTIVE || state == AFS_CELL_REMOVED; })); /* Check the state obtained from the wait check. */ - if (state == AFS_CELL_FAILED) { + if (state == AFS_CELL_REMOVED) { ret = cell->error; goto error; } @@ -700,7 +700,6 @@ static void afs_deactivate_cell(struct afs_net *net, struct afs_cell *cell) static void afs_manage_cell(struct afs_cell *cell) { struct afs_net *net = cell->net; - bool deleted; int ret, active; _enter("%s", cell->name); @@ -712,13 +711,15 @@ again: case AFS_CELL_FAILED: down_write(&net->cells_lock); active = 1; - deleted = atomic_try_cmpxchg_relaxed(&cell->active, &active, 0); - if (deleted) { + if (atomic_try_cmpxchg_relaxed(&cell->active, &active, 0)) { rb_erase(&cell->net_node, &net->cells); + smp_store_release(&cell->state, AFS_CELL_REMOVED); } up_write(&net->cells_lock); - if (deleted) + if (cell->state == AFS_CELL_REMOVED) { + wake_up_var(&cell->state); goto final_destruction; + } if (cell->state == AFS_CELL_FAILED) goto done; smp_store_release(&cell->state, AFS_CELL_UNSET); @@ -760,6 +761,9 @@ again: wake_up_var(&cell->state); goto again; + case AFS_CELL_REMOVED: + goto done; + default: break; } diff --git a/fs/afs/internal.h b/fs/afs/internal.h index 0363511290c8..06e617ee4cd1 100644 --- a/fs/afs/internal.h +++ b/fs/afs/internal.h @@ -326,6 +326,7 @@ enum afs_cell_state { AFS_CELL_DEACTIVATING, AFS_CELL_INACTIVE, AFS_CELL_FAILED, + AFS_CELL_REMOVED, }; /* |