Commit 5bbd6e86 authored Feb 01, 2025 by Trond Myklebust Committed by Anna Schumaker Feb 19, 2025

SUNRPC: Prevent looping due to rpc_signal_task() races



If rpc_signal_task() is called while a task is in an rpc_call_done()
callback function, and the latter calls rpc_restart_call(), the task can
end up looping due to the RPC_TASK_SIGNALLED flag being set without the
tk_rpc_status being set.
Removing the redundant mechanism for signalling the task fixes the
looping behaviour.

Reported-by: Li Lingfeng <lilingfeng3@huawei.com>
Fixes: 39494194 ("SUNRPC: Fix races with rpc_killall_tasks()")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Anna Schumaker <anna.schumaker@oracle.com>

parent 88025c67

include/linux/sunrpc/sched.h

+1 −2

Original line number	Diff line number	Diff line
		@@ -158,7 +158,6 @@ enum {
		RPC_TASK_NEED_XMIT,
		RPC_TASK_NEED_RECV,
		RPC_TASK_MSG_PIN_WAIT,
		RPC_TASK_SIGNALLED,
		};

		#define rpc_test_and_set_running(t) \
		@@ -171,7 +170,7 @@ enum {

		#define RPC_IS_ACTIVATED(t) test_bit(RPC_TASK_ACTIVE, &(t)->tk_runstate)

		#define RPC_SIGNALLED(t) test_bit(RPC_TASK_SIGNALLED, &(t)->tk_runstate)
		#define RPC_SIGNALLED(t) (READ_ONCE(task->tk_rpc_status) == -ERESTARTSYS)

		/*
		* Task priorities.

include/trace/events/sunrpc.h

+1 −2

Original line number	Diff line number	Diff line
		@@ -360,8 +360,7 @@ TRACE_EVENT(rpc_request,
		{ (1UL << RPC_TASK_ACTIVE), "ACTIVE" }, \
		{ (1UL << RPC_TASK_NEED_XMIT), "NEED_XMIT" }, \
		{ (1UL << RPC_TASK_NEED_RECV), "NEED_RECV" }, \
		{ (1UL << RPC_TASK_MSG_PIN_WAIT), "MSG_PIN_WAIT" }, \
		{ (1UL << RPC_TASK_SIGNALLED), "SIGNALLED" })
		{ (1UL << RPC_TASK_MSG_PIN_WAIT), "MSG_PIN_WAIT" })

		DECLARE_EVENT_CLASS(rpc_task_running,

net/sunrpc/sched.c

+0 −2

Original line number	Diff line number	Diff line
		@@ -864,8 +864,6 @@ void rpc_signal_task(struct rpc_task *task)
		if (!rpc_task_set_rpc_status(task, -ERESTARTSYS))
		return;
		trace_rpc_task_signalled(task, task->tk_action);
		set_bit(RPC_TASK_SIGNALLED, &task->tk_runstate);
		smp_mb__after_atomic();
		queue = READ_ONCE(task->tk_waitqueue);
		if (queue)
		rpc_wake_up_queued_task(queue, task);