aaf68cfbf2
If you lose this race, it can iput a socket inode twice and you get a BUG in fs/inode.c When I added the option for user-space to close a socket, I added some cruft to svc_delete_socket so that I could call that function when closing a socket per user-space request. This was the wrong thing to do. I should have just set SK_CLOSE and let normal mechanisms do the work. Not only wrong, but buggy. The locking is all wrong and it openned up a race where-by a socket could be closed twice. So this patch: Introduces svc_close_socket which sets SK_CLOSE then either leave the close up to a thread, or calls svc_delete_socket if it can get SK_BUSY. Adds a bias to sk_busy which is removed when SK_DEAD is set, This avoid races around shutting down the socket. Changes several 'spin_lock' to 'spin_lock_bh' where the _bh was missing. Bugzilla-url: http://bugzilla.kernel.org/show_bug.cgi?id=7916 Signed-off-by: Neil Brown <neilb@suse.de> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
78 lines
2.4 KiB
C
78 lines
2.4 KiB
C
/*
|
|
* linux/include/linux/sunrpc/svcsock.h
|
|
*
|
|
* RPC server socket I/O.
|
|
*
|
|
* Copyright (C) 1995, 1996 Olaf Kirch <okir@monad.swb.de>
|
|
*/
|
|
|
|
#ifndef SUNRPC_SVCSOCK_H
|
|
#define SUNRPC_SVCSOCK_H
|
|
|
|
#include <linux/sunrpc/svc.h>
|
|
|
|
/*
|
|
* RPC server socket.
|
|
*/
|
|
struct svc_sock {
|
|
struct list_head sk_ready; /* list of ready sockets */
|
|
struct list_head sk_list; /* list of all sockets */
|
|
struct socket * sk_sock; /* berkeley socket layer */
|
|
struct sock * sk_sk; /* INET layer */
|
|
|
|
struct svc_pool * sk_pool; /* current pool iff queued */
|
|
struct svc_serv * sk_server; /* service for this socket */
|
|
atomic_t sk_inuse; /* use count */
|
|
unsigned long sk_flags;
|
|
#define SK_BUSY 0 /* enqueued/receiving */
|
|
#define SK_CONN 1 /* conn pending */
|
|
#define SK_CLOSE 2 /* dead or dying */
|
|
#define SK_DATA 3 /* data pending */
|
|
#define SK_TEMP 4 /* temp (TCP) socket */
|
|
#define SK_DEAD 6 /* socket closed */
|
|
#define SK_CHNGBUF 7 /* need to change snd/rcv buffer sizes */
|
|
#define SK_DEFERRED 8 /* request on sk_deferred */
|
|
#define SK_OLD 9 /* used for temp socket aging mark+sweep */
|
|
#define SK_DETACHED 10 /* detached from tempsocks list */
|
|
|
|
atomic_t sk_reserved; /* space on outq that is reserved */
|
|
|
|
spinlock_t sk_defer_lock; /* protects sk_deferred */
|
|
struct list_head sk_deferred; /* deferred requests that need to
|
|
* be revisted */
|
|
struct mutex sk_mutex; /* to serialize sending data */
|
|
|
|
int (*sk_recvfrom)(struct svc_rqst *rqstp);
|
|
int (*sk_sendto)(struct svc_rqst *rqstp);
|
|
|
|
/* We keep the old state_change and data_ready CB's here */
|
|
void (*sk_ostate)(struct sock *);
|
|
void (*sk_odata)(struct sock *, int bytes);
|
|
void (*sk_owspace)(struct sock *);
|
|
|
|
/* private TCP part */
|
|
int sk_reclen; /* length of record */
|
|
int sk_tcplen; /* current read length */
|
|
time_t sk_lastrecv; /* time of last received request */
|
|
|
|
/* cache of various info for TCP sockets */
|
|
void *sk_info_authunix;
|
|
};
|
|
|
|
/*
|
|
* Function prototypes.
|
|
*/
|
|
int svc_makesock(struct svc_serv *, int, unsigned short);
|
|
void svc_close_socket(struct svc_sock *);
|
|
int svc_recv(struct svc_rqst *, long);
|
|
int svc_send(struct svc_rqst *);
|
|
void svc_drop(struct svc_rqst *);
|
|
void svc_sock_update_bufs(struct svc_serv *serv);
|
|
int svc_sock_names(char *buf, struct svc_serv *serv, char *toclose);
|
|
int svc_addsock(struct svc_serv *serv,
|
|
int fd,
|
|
char *name_return,
|
|
int *proto);
|
|
|
|
#endif /* SUNRPC_SVCSOCK_H */
|