diff options
| author | David Howells <dhowells@redhat.com> | 2018-09-27 17:13:09 +0300 | 
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2018-09-28 12:32:49 +0300 | 
| commit | 0099dc589bfa7caf6f2608c4cbc1181cfee22b0c (patch) | |
| tree | fd071d7aab3762ba2ab377892cb4c250923d50b8 /scripts/gcc-plugins/gcc-generate-simple_ipa-pass.h | |
| parent | 403fc2a138457f1071b186786a7589ef7382c8bc (diff) | |
| download | linux-0099dc589bfa7caf6f2608c4cbc1181cfee22b0c.tar.xz | |
rxrpc: Make service call handling more robust
Make the following changes to improve the robustness of the code that sets
up a new service call:
 (1) Cache the rxrpc_sock struct obtained in rxrpc_data_ready() to do a
     service ID check and pass that along to rxrpc_new_incoming_call().
     This means that I can remove the check from rxrpc_new_incoming_call()
     without the need to worry about the socket attached to the local
     endpoint getting replaced - which would invalidate the check.
 (2) Cache the rxrpc_peer struct, thereby allowing the peer search to be
     done once.  The peer is passed to rxrpc_new_incoming_call(), thereby
     saving the need to repeat the search.
     This also reduces the possibility of rxrpc_publish_service_conn()
     BUG()'ing due to the detection of a duplicate connection, despite the
     initial search done by rxrpc_find_connection_rcu() having turned up
     nothing.
     This BUG() shouldn't ever get hit since rxrpc_data_ready() *should* be
     non-reentrant and the result of the initial search should still hold
     true, but it has proven possible to hit.
     I *think* this may be due to __rxrpc_lookup_peer_rcu() cutting short
     the iteration over the hash table if it finds a matching peer with a
     zero usage count, but I don't know for sure since it's only ever been
     hit once that I know of.
     Another possibility is that a bug in rxrpc_data_ready() that checked
     the wrong byte in the header for the RXRPC_CLIENT_INITIATED flag
     might've let through a packet that caused a spurious and invalid call
     to be set up.  That is addressed in another patch.
 (3) Fix __rxrpc_lookup_peer_rcu() to skip peer records that have a zero
     usage count rather than stopping and returning not found, just in case
     there's another peer record behind it in the bucket.
 (4) Don't search the peer records in rxrpc_alloc_incoming_call(), but
     rather either use the peer cached in (2) or, if one wasn't found,
     preemptively install a new one.
Fixes: 8496af50eb38 ("rxrpc: Use RCU to access a peer's service connection tree")
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'scripts/gcc-plugins/gcc-generate-simple_ipa-pass.h')
0 files changed, 0 insertions, 0 deletions
