Re: [PATCH v2] 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work

From: Dominique Martinet
Date: Fri Jun 12 2020 - 05:11:03 EST

Next message: Dan Carpenter: "drivers/s390/crypto/zcrypt_api.c:986 _zcrypt_send_ep11_cprb() error: uninitialized symbol 'pref_weight'."
Previous message: Igor Raits: "KVM hangs with many soft lockups purge_fragmented_blocks_allcpus"
In reply to: Wang Hai: "[PATCH v2] 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work"
Next in thread: wanghai (M): "Re: [PATCH v2] 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Wang Hai wrote on Fri, Jun 12, 2020:
> p9_read_work and p9_fd_cancelled may be called concurrently.
> In some cases, req->req_list may be deleted by both p9_read_work
> and p9_fd_cancelled.
>
> We can fix it by ignoring replies associated with a cancelled
> request and ignoring cancelled request if message has been received
> before lock.
>
> Fixes: 60ff779c4abb ("9p: client: remove unused code and any reference to "cancelled" function")
> Reported-by: syzbot+77a25acfa0382e06ab23@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Wang Hai <wanghai38@xxxxxxxxxx>

Thanks! looks good to me, I'll queue for 5.9 as well unless you're in a
hurry.
--
Dominique

Next message: Dan Carpenter: "drivers/s390/crypto/zcrypt_api.c:986 _zcrypt_send_ep11_cprb() error: uninitialized symbol 'pref_weight'."
Previous message: Igor Raits: "KVM hangs with many soft lockups purge_fragmented_blocks_allcpus"
In reply to: Wang Hai: "[PATCH v2] 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work"
Next in thread: wanghai (M): "Re: [PATCH v2] 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]