Commit f8f7e0fb authored May 01, 2021 by Baptiste Lepers Committed by Trond Myklebust May 01, 2021

sunrpc: Fix misplaced barrier in call_decode



Fix a misplaced barrier in call_decode. The struct rpc_rqst is modified
as follows by xprt_complete_rqst:

req->rq_private_buf.len = copied;
/* Ensure all writes are done before we update */
/* req->rq_reply_bytes_recvd */
smp_wmb();
req->rq_reply_bytes_recvd = copied;

And currently read as follows by call_decode:

smp_rmb(); // misplaced
if (!req->rq_reply_bytes_recvd)
   goto out;
req->rq_rcv_buf.len = req->rq_private_buf.len;

This patch places the smp_rmb after the if to ensure that
rq_reply_bytes_recvd and rq_private_buf.len are read in order.

Fixes: 9ba82886 ("SUNRPC: Don't try to parse incomplete RPC messages")
Signed-off-by: Baptiste Lepers <baptiste.lepers@gmail.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

parent d9092b4b

net/sunrpc/clnt.c

+5 −6

Original line number	Diff line number	Diff line
		@@ -2456,12 +2456,6 @@ call_decode(struct rpc_task *task)
		task->tk_flags &= ~RPC_CALL_MAJORSEEN;
		}

		/*
		* Ensure that we see all writes made by xprt_complete_rqst()
		* before it changed req->rq_reply_bytes_recvd.
		*/
		smp_rmb();

		/*
		* Did we ever call xprt_complete_rqst()? If not, we should assume
		* the message is incomplete.
		@@ -2470,6 +2464,11 @@ call_decode(struct rpc_task *task)
		if (!req->rq_reply_bytes_recvd)
		goto out;

		/* Ensure that we see all writes made by xprt_complete_rqst()
		* before it changed req->rq_reply_bytes_recvd.
		*/
		smp_rmb();

		req->rq_rcv_buf.len = req->rq_private_buf.len;
		trace_rpc_xdr_recvfrom(task, &req->rq_rcv_buf);