RDS: Fix m_rs_lock deadlock
Andy Grover [Wed, 1 Apr 2009 08:20:18 +0000 (08:20 +0000)]
rds_send_drop_to() is called during socket close. If it takes
m_rs_lock without disabling interrupts, then
rds_send_remove_from_sock() can run from the rx completion
handler and thus deadlock.

Signed-off-by: Andy Grover <andy.grover@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/rds/send.c

index 1b37364..104fe03 100644 (file)
@@ -615,7 +615,7 @@ void rds_send_drop_to(struct rds_sock *rs, struct sockaddr_in *dest)
 {
        struct rds_message *rm, *tmp;
        struct rds_connection *conn;
-       unsigned long flags;
+       unsigned long flags, flags2;
        LIST_HEAD(list);
        int wake = 0;
 
@@ -651,9 +651,9 @@ void rds_send_drop_to(struct rds_sock *rs, struct sockaddr_in *dest)
        list_for_each_entry(rm, &list, m_sock_item) {
                /* We do this here rather than in the loop above, so that
                 * we don't have to nest m_rs_lock under rs->rs_lock */
-               spin_lock(&rm->m_rs_lock);
+               spin_lock_irqsave(&rm->m_rs_lock, flags2);
                rm->m_rs = NULL;
-               spin_unlock(&rm->m_rs_lock);
+               spin_unlock_irqrestore(&rm->m_rs_lock, flags2);
 
                /*
                 * If we see this flag cleared then we're *sure* that someone
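Review bot: The comment above `spin_lock_irqsave(&rm->m_rs_lock, flags2)` still documents only the lock ordering, so nothing at the call site records why interrupts have to be off, and a later cleanup could turn it back into a plain `spin_lock()`. I would extend it with `/* m_rs_lock is also taken by rds_send_remove_from_sock() from the rx completion handler, so it must be held with IRQs disabled */`. The new `flags2` declared in the first hunk looks avoidable: if rs->rs_lock has already been dropped when this loop runs, as the existing comment implies, `flags` could be reused, but the unlock is outside the hunk, so confirm first. Since the hang is reachable from socket close, any other process-context acquisition of m_rs_lock deserves the same check; none is visible in these hunks. rds_send_drop_to()'s body starts and ends outside both hunks.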