Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / 18ac61853cc4e44eb30e125fc8344a3b25c7b6fe^! / .
commit18ac61853cc4e44eb30e125fc8344a3b25c7b6fe[log] [tgz]
authorDavid Howells <dhowells@redhat.com>Sat Oct 20 00:57:59 2018 +0100
committerDavid Howells <dhowells@redhat.com>Wed Oct 24 00:41:09 2018 +0100
tree9565bfd8b0dec553d351ca13ce841a5e2bbeae7a
parent2feeaf8433c8e68de3d0a06a0ffe7742bcd13c1a [diff]
afs: Fix callback handling

In some circumstances, the callback interest pointer is NULL, so in such a
case we can't dereference it when checking to see if the callback is
broken.  This causes an oops in some circumstances.

Fix this by replacing the function that worked out the aggregate break
counter with one that actually does the comparison, and then make that
return true (ie. broken) if there is no callback interest as yet (ie. the
pointer is NULL).

Fixes: 68251f0a6818 ("afs: Fix whole-volume callback handling")
Signed-off-by: David Howells <dhowells@redhat.com>

diff --git a/fs/afs/fsclient.c b/fs/afs/fsclient.c
index 3975969..7c75a18 100644
--- a/fs/afs/fsclient.c
+++ b/fs/afs/fsclient.c

@@ -269,7 +269,7 @@
 
 	write_seqlock(&vnode->cb_lock);
 
-	if (call->cb_break == afs_cb_break_sum(vnode, cbi)) {
+	if (!afs_cb_is_broken(call->cb_break, vnode, cbi)) {
 		vnode->cb_version	= ntohl(*bp++);
 		cb_expiry		= ntohl(*bp++);
 		vnode->cb_type		= ntohl(*bp++);

diff --git a/fs/afs/internal.h b/fs/afs/internal.h
index e5b596b..b60d152 100644
--- a/fs/afs/internal.h
+++ b/fs/afs/internal.h

@@ -776,10 +776,13 @@
 	return vnode->cb_break + vnode->cb_s_break + vnode->cb_v_break;
 }
 
-static inline unsigned int afs_cb_break_sum(struct afs_vnode *vnode,
-					    struct afs_cb_interest *cbi)
+static inline bool afs_cb_is_broken(unsigned int cb_break,
+				    const struct afs_vnode *vnode,
+				    const struct afs_cb_interest *cbi)
 {
-	return vnode->cb_break + cbi->server->cb_s_break + vnode->volume->cb_v_break;
+	return !cbi || cb_break != (vnode->cb_break +
+				    cbi->server->cb_s_break +
+				    vnode->volume->cb_v_break);
 }
 
 /*

diff --git a/fs/afs/security.c b/fs/afs/security.c
index d1ae53f..5f58a9a 100644
--- a/fs/afs/security.c
+++ b/fs/afs/security.c

@@ -147,7 +147,8 @@
 					break;
 				}
 
-				if (cb_break != afs_cb_break_sum(vnode, vnode->cb_interest)) {
+				if (afs_cb_is_broken(cb_break, vnode,
+						     vnode->cb_interest)) {
 					changed = true;
 					break;
 				}
@@ -177,7 +178,7 @@
 		}
 	}
 
-	if (cb_break != afs_cb_break_sum(vnode, vnode->cb_interest))
+	if (afs_cb_is_broken(cb_break, vnode, vnode->cb_interest))
 		goto someone_else_changed_it;
 
 	/* We need a ref on any permits list we want to copy as we'll have to
@@ -256,7 +257,7 @@
 
 	spin_lock(&vnode->lock);
 	zap = rcu_access_pointer(vnode->permit_cache);
-	if (cb_break == afs_cb_break_sum(vnode, vnode->cb_interest) &&
+	if (!afs_cb_is_broken(cb_break, vnode, vnode->cb_interest) &&
 	    zap == permits)
 		rcu_assign_pointer(vnode->permit_cache, replacement);
 	else

diff --git a/fs/afs/yfsclient.c b/fs/afs/yfsclient.c
index d5e3f00..12658c1 100644
--- a/fs/afs/yfsclient.c
+++ b/fs/afs/yfsclient.c

@@ -324,7 +324,7 @@
 
 	write_seqlock(&vnode->cb_lock);
 
-	if (call->cb_break == afs_cb_break_sum(vnode, cbi)) {
+	if (!afs_cb_is_broken(call->cb_break, vnode, cbi)) {
 		cb_expiry = xdr_to_u64(xdr->expiration_time);
 		do_div(cb_expiry, 10 * 1000 * 1000);
 		vnode->cb_version	= ntohl(xdr->version);