mirror of https://github.com/torvalds/linux.git
1a047060a9
This patch is suitable for just about any 2.6 kernel. It should go in 2.6.19 and 2.6.18.2 and possible even the .17 and .16 stable series. This is a long standing bug that seems to have only recently become apparent, presumably due to increasing use of NFS over TCP - many distros seem to be making it the default. The SK_CONN bit gets set when a listening socket may be ready for an accept, just as SK_DATA is set when data may be available. It is entirely possible for svc_tcp_accept to be called with neither of these set. It doesn't happen often but there is a small race in svc_sock_enqueue as SK_CONN and SK_DATA are tested outside the spin_lock. They could be cleared immediately after the test and before the lock is gained. This normally shouldn't be a problem. The sockets are non-blocking so trying to read() or accept() when ther is nothing to do is not a problem. However: svc_tcp_recvfrom makes the decision "Should I accept() or should I read()" based on whether SK_CONN is set or not. This usually works but is not safe. The decision should be based on whether it is a TCP_LISTEN socket or a TCP_CONNECTED socket. Signed-off-by: Neil Brown <neilb@suse.de> Cc: Adrian Bunk <bunk@stusta.de> Cc: <stable@kernel.org> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
||
|---|---|---|
| .. | ||
| auth_gss | ||
| Makefile | ||
| auth.c | ||
| auth_null.c | ||
| auth_unix.c | ||
| cache.c | ||
| clnt.c | ||
| pmap_clnt.c | ||
| rpc_pipe.c | ||
| sched.c | ||
| socklib.c | ||
| stats.c | ||
| sunrpc_syms.c | ||
| svc.c | ||
| svcauth.c | ||
| svcauth_unix.c | ||
| svcsock.c | ||
| sysctl.c | ||
| timer.c | ||
| xdr.c | ||
| xprt.c | ||
| xprtsock.c | ||