summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChuck Lever <chuck.lever@oracle.com>2006-10-20 10:28:43 +0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-10-20 21:26:39 +0400
commit71bdcf8056f910dc57ea3d0def80a9329e7dc52d (patch)
tree293bf48584d44b5e27cb5050d4e4ccb5254388a2
parentb87c0adfeaaf8d8310c4f790d76072a5961b3518 (diff)
downloadlinux-71bdcf8056f910dc57ea3d0def80a9329e7dc52d.tar.xz
[PATCH] SUNRPC: fix race in in-kernel RPC portmapper client
When submitting a request to a fast portmapper (such as the local rpcbind daemon), the request can complete before the parent task is even queued up on xprt->binding. Fix this by queuing before submitting the rpcbind request. Test plan: Connectathon locking test with UDP. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--net/sunrpc/pmap_clnt.c14
1 files changed, 7 insertions, 7 deletions
diff --git a/net/sunrpc/pmap_clnt.c b/net/sunrpc/pmap_clnt.c
index 919d5ba7ca0a..e52afab413de 100644
--- a/net/sunrpc/pmap_clnt.c
+++ b/net/sunrpc/pmap_clnt.c
@@ -101,11 +101,13 @@ void rpc_getport(struct rpc_task *task)
/* Autobind on cloned rpc clients is discouraged */
BUG_ON(clnt->cl_parent != clnt);
- if (xprt_test_and_set_binding(xprt)) {
- task->tk_status = -EACCES; /* tell caller to check again */
- rpc_sleep_on(&xprt->binding, task, NULL, NULL);
- return;
- }
+ /* Put self on queue before sending rpcbind request, in case
+ * pmap_getport_done completes before we return from rpc_run_task */
+ rpc_sleep_on(&xprt->binding, task, NULL, NULL);
+
+ status = -EACCES; /* tell caller to check again */
+ if (xprt_test_and_set_binding(xprt))
+ goto bailout_nofree;
/* Someone else may have bound if we slept */
status = 0;
@@ -134,8 +136,6 @@ void rpc_getport(struct rpc_task *task)
goto bailout;
rpc_release_task(child);
- rpc_sleep_on(&xprt->binding, task, NULL, NULL);
-
task->tk_xprt->stat.bind_count++;
return;