From a271c5a0dea418931b6a903ef85adc30ad4c54be Mon Sep 17 00:00:00 2001 From: OGAWA Hirofumi Date: Sun, 27 Mar 2011 17:48:57 +0200 Subject: NFS: Ensure that rpc_release_resources_task() can be called twice. BUG: atomic_dec_and_test(): -1: atomic counter underflow at: Pid: 2827, comm: mount.nfs Not tainted 2.6.38 #1 Call Trace: [] ? put_rpccred+0x44/0x14e [sunrpc] [] ? rpc_ping+0x4e/0x58 [sunrpc] [] ? rpc_create+0x481/0x4fc [sunrpc] [] ? rpcauth_lookup_credcache+0xab/0x22d [sunrpc] [] ? nfs_create_rpc_client+0xa6/0xeb [nfs] [] ? nfs4_set_client+0xc2/0x1f9 [nfs] [] ? nfs4_create_server+0xf2/0x2a6 [nfs] [] ? nfs4_remote_mount+0x4e/0x14a [nfs] [] ? vfs_kern_mount+0x6e/0x133 [] ? nfs_do_root_mount+0x76/0x95 [nfs] [] ? nfs4_try_mount+0x56/0xaf [nfs] [] ? nfs_get_sb+0x435/0x73c [nfs] [] ? vfs_kern_mount+0x99/0x133 [] ? do_kern_mount+0x48/0xd8 [] ? do_mount+0x6da/0x741 [] ? sys_mount+0x83/0xc0 [] ? system_call_fastpath+0x16/0x1b Well, so, I think this is real bug of nfs codes somewhere. With some review, the code rpc_call_sync() rpc_run_task rpc_execute() __rpc_execute() rpc_release_task() rpc_release_resources_task() put_rpccred() <= release cred rpc_put_task rpc_do_put_task() rpc_release_resources_task() put_rpccred() <= release cred again seems to be release cred unintendedly. Signed-off-by: OGAWA Hirofumi Signed-off-by: Trond Myklebust --- net/sunrpc/sched.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'net/sunrpc') diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c index ffb687671da0..6b43ee7221d5 100644 --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c @@ -860,8 +860,10 @@ static void rpc_release_resources_task(struct rpc_task *task) { if (task->tk_rqstp) xprt_release(task); - if (task->tk_msg.rpc_cred) + if (task->tk_msg.rpc_cred) { put_rpccred(task->tk_msg.rpc_cred); + task->tk_msg.rpc_cred = NULL; + } rpc_task_release_client(task); } -- cgit v1.2.3