| Message ID | 20240725175334.473546-1-joannelkoong@gmail.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | fuse: check aborted connection before adding requests to pending list for resending | expand |
On Thu, Jul 25, 2024 at 10:53:34AM -0700, Joanne Koong wrote: > There is a race condition where inflight requests will not be aborted if > they are in the middle of being re-sent when the connection is aborted. > > If fuse_resend has already moved all the requests in the fpq->processing > lists to its private queue ("to_queue") and then the connection starts > and finishes aborting, these requests will be added to the pending queue > and remain on it indefinitely. > > Fixes: 760eac73f9f6 ("fuse: Introduce a new notification type for resend pending requests") > Signed-off-by: Joanne Koong <joannelkoong@gmail.com> Nice catch, you can add Reviewed-by: Josef Bacik <josef@toxicpanda.com> Thanks, Josef
On 7/26/24 1:53 AM, Joanne Koong wrote: > There is a race condition where inflight requests will not be aborted if > they are in the middle of being re-sent when the connection is aborted. > > If fuse_resend has already moved all the requests in the fpq->processing > lists to its private queue ("to_queue") and then the connection starts > and finishes aborting, these requests will be added to the pending queue > and remain on it indefinitely. > > Fixes: 760eac73f9f6 ("fuse: Introduce a new notification type for resend pending requests") > Signed-off-by: Joanne Koong <joannelkoong@gmail.com> > --- > fs/fuse/dev.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c > index 9eb191b5c4de..a11461ef6022 100644 > --- a/fs/fuse/dev.c > +++ b/fs/fuse/dev.c > @@ -31,6 +31,8 @@ MODULE_ALIAS("devname:fuse"); > > static struct kmem_cache *fuse_req_cachep; > > +static void end_requests(struct list_head *head); > + > static struct fuse_dev *fuse_get_dev(struct file *file) > { > /* > @@ -1820,6 +1822,13 @@ static void fuse_resend(struct fuse_conn *fc) > } > > spin_lock(&fiq->lock); > + if (!fiq->connected) { > + spin_unlock(&fiq->lock); > + list_for_each_entry(req, &to_queue, list) > + clear_bit(FR_PENDING, &req->flags); > + end_requests(&to_queue); > + return; > + } > /* iq and pq requests are both oldest to newest */ > list_splice(&to_queue, &fiq->pending); > fiq->ops->wake_pending_and_unlock(fiq); LGTM. Reviewed-by: Jingbo Xu <jefflexu@linux.alibaba.com>
On Thu, 25 Jul 2024 at 19:53, Joanne Koong <joannelkoong@gmail.com> wrote: > > There is a race condition where inflight requests will not be aborted if > they are in the middle of being re-sent when the connection is aborted. > > If fuse_resend has already moved all the requests in the fpq->processing > lists to its private queue ("to_queue") and then the connection starts > and finishes aborting, these requests will be added to the pending queue > and remain on it indefinitely. > > Fixes: 760eac73f9f6 ("fuse: Introduce a new notification type for resend pending requests") > Signed-off-by: Joanne Koong <joannelkoong@gmail.com> Applied, thanks. Miklos
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index 9eb191b5c4de..a11461ef6022 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -31,6 +31,8 @@ MODULE_ALIAS("devname:fuse"); static struct kmem_cache *fuse_req_cachep; +static void end_requests(struct list_head *head); + static struct fuse_dev *fuse_get_dev(struct file *file) { /* @@ -1820,6 +1822,13 @@ static void fuse_resend(struct fuse_conn *fc) } spin_lock(&fiq->lock); + if (!fiq->connected) { + spin_unlock(&fiq->lock); + list_for_each_entry(req, &to_queue, list) + clear_bit(FR_PENDING, &req->flags); + end_requests(&to_queue); + return; + } /* iq and pq requests are both oldest to newest */ list_splice(&to_queue, &fiq->pending); fiq->ops->wake_pending_and_unlock(fiq);
There is a race condition where inflight requests will not be aborted if they are in the middle of being re-sent when the connection is aborted. If fuse_resend has already moved all the requests in the fpq->processing lists to its private queue ("to_queue") and then the connection starts and finishes aborting, these requests will be added to the pending queue and remain on it indefinitely. Fixes: 760eac73f9f6 ("fuse: Introduce a new notification type for resend pending requests") Signed-off-by: Joanne Koong <joannelkoong@gmail.com> --- fs/fuse/dev.c | 9 +++++++++ 1 file changed, 9 insertions(+)