c8c25c6b07
BugLink: https://bugs.launchpad.net/bugs/2080595
commit f1acf1ac84d2ae97b7889b87223c1064df850069 upstream.
Functions rds_still_queued and rds_clear_recv_queue lock a given socket
in order to safely iterate over the incoming rds messages. However
calling rds_inc_put while under this lock creates a potential deadlock.
rds_inc_put may eventually call rds_message_purge, which will lock
m_rs_lock. This is the incorrect locking order since m_rs_lock is
meant to be locked before the socket. To fix this, we move the message
item to a local list or variable that wont need rs_recv_lock protection.
Then we can safely call rds_inc_put on any item stored locally after
rs_recv_lock is released.
Fixes:
|
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| af_rds.c | ||
| bind.c | ||
| cong.c | ||
| connection.c | ||
| ib.c | ||
| ib.h | ||
| ib_cm.c | ||
| ib_fmr.c | ||
| ib_frmr.c | ||
| ib_mr.h | ||
| ib_rdma.c | ||
| ib_recv.c | ||
| ib_ring.c | ||
| ib_send.c | ||
| ib_stats.c | ||
| ib_sysctl.c | ||
| info.c | ||
| info.h | ||
| loop.c | ||
| loop.h | ||
| message.c | ||
| page.c | ||
| rdma.c | ||
| rdma_transport.c | ||
| rdma_transport.h | ||
| rds.h | ||
| rds_single_path.h | ||
| recv.c | ||
| send.c | ||
| stats.c | ||
| sysctl.c | ||
| tcp.c | ||
| tcp.h | ||
| tcp_connect.c | ||
| tcp_listen.c | ||
| tcp_recv.c | ||
| tcp_send.c | ||
| tcp_stats.c | ||
| threads.c | ||
| transport.c | ||