There are two callers of this function and they both unlock the mutex so
this ends up being a double unlock.
Fixes: 44ed167da748 ("drbd: rcu_read_lock() and rcu_dereference() for tconn->net_conf")
Signed-off-by: Dan Carpenter <[email protected]>
---
Static analisys. Not tested. There is a comment about the lock next to
the caller in drbd_nl.c that I didn't understand:
drivers/block/drbd/drbd_nl.c
2509 crypto_free_shash(connection->integrity_tfm);
2510 connection->integrity_tfm = crypto.integrity_tfm;
2511 if (connection->cstate >= C_WF_REPORT_PARAMS && connection->agreed_pro_version >= 100)
2512 /* Do this without trying to take connection->data.mutex again. */
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
What does this mean? We're already holding that lock. We took it near
the start of the function.
2513 __drbd_send_protocol(connection, P_PROTOCOL_UPDATE);
2514
2515 crypto_free_shash(connection->cram_hmac_tfm);
2516 connection->cram_hmac_tfm = crypto.cram_hmac_tfm;
2517
2518 mutex_unlock(&connection->resource->conf_update);
2519 mutex_unlock(&connection->data.mutex);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Unlocked here.
drivers/block/drbd/drbd_main.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
index 5b248763a672..a18155cdce41 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -786,7 +786,6 @@ int __drbd_send_protocol(struct drbd_connection *connection, enum drbd_packet cm
if (nc->tentative && connection->agreed_pro_version < 92) {
rcu_read_unlock();
- mutex_unlock(&sock->mutex);
drbd_err(connection, "--dry-run is not supported by peer");
return -EOPNOTSUPP;
}
--
2.20.1
Hi Dan,
yes, your patch it obviously correct. The comment you are
referring to is badly worded. We will remove it.
Jens,
are you taking this patch as it is?
best regards,
Phil
Am Donnerstag, 7. November 2019, 08:48:47 CET schrieb Dan Carpenter:
> There are two callers of this function and they both unlock the mutex so
> this ends up being a double unlock.
>
> Fixes: 44ed167da748 ("drbd: rcu_read_lock() and rcu_dereference() for
> tconn->net_conf") Signed-off-by: Dan Carpenter <[email protected]>
> ---
> Static analisys. Not tested. There is a comment about the lock next to
> the caller in drbd_nl.c that I didn't understand:
>
> drivers/block/drbd/drbd_nl.c
> 2509 crypto_free_shash(connection->integrity_tfm);
> 2510 connection->integrity_tfm = crypto.integrity_tfm;
> 2511 if (connection->cstate >= C_WF_REPORT_PARAMS &&
> connection->agreed_pro_version >= 100) 2512 /* Do this
> without trying to take connection->data.mutex again. */
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ What does this
> mean? We're already holding that lock. We took it near the start of the
> function.
>
> 2513 __drbd_send_protocol(connection, P_PROTOCOL_UPDATE);
> 2514
> 2515 crypto_free_shash(connection->cram_hmac_tfm);
> 2516 connection->cram_hmac_tfm = crypto.cram_hmac_tfm;
> 2517
> 2518 mutex_unlock(&connection->resource->conf_update);
> 2519 mutex_unlock(&connection->data.mutex);
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Unlocked here.
>
> drivers/block/drbd/drbd_main.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
> index 5b248763a672..a18155cdce41 100644
> --- a/drivers/block/drbd/drbd_main.c
> +++ b/drivers/block/drbd/drbd_main.c
> @@ -786,7 +786,6 @@ int __drbd_send_protocol(struct drbd_connection
> *connection, enum drbd_packet cm
>
> if (nc->tentative && connection->agreed_pro_version < 92) {
> rcu_read_unlock();
> - mutex_unlock(&sock->mutex);
> drbd_err(connection, "--dry-run is not supported by peer");
> return -EOPNOTSUPP;
> }
--
LINBIT | Keeping The Digital World Running
DRBD? and LINBIT? are registered trademarks of LINBIT, Austria.
On 11/8/19 3:46 AM, Philipp Reisner wrote:
> Hi Dan,
>
> yes, your patch it obviously correct. The comment you are
> referring to is badly worded. We will remove it.
>
> Jens,
>
> are you taking this patch as it is?
Yep, I'll queue it up.
--
Jens Axboe
On 11/8/19 9:26 AM, Bart Van Assche wrote:
> On 11/6/19 11:48 PM, Dan Carpenter wrote:
>> There are two callers of this function and they both unlock the mutex so
>> this ends up being a double unlock.
>
> Is there a typo in the patch subject (stay -> stray)?
I fixed that up while applying, fwiw.
--
Jens Axboe
On 11/6/19 11:48 PM, Dan Carpenter wrote:
> There are two callers of this function and they both unlock the mutex so
> this ends up being a double unlock.
Is there a typo in the patch subject (stay -> stray)?
Thanks,
Bart.