From: Rama Nichanamatlu Date: Wed, 3 Sep 2014 10:17:40 +0000 (-0700) Subject: rds: fix NULL pointer dereference panic during rds module unload X-Git-Tag: v4.1.12-92~293^2^2~22 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=dbbcf5dd7c595709fa3bafe240f29f8b57e2923d;p=users%2Fjedix%2Flinux-maple.git rds: fix NULL pointer dereference panic during rds module unload This issue reported happens during an unload of rds module with rds reconnect timeout worker scheduled to execute in the future, and rds module unloaded earlier than that. rds reconnect timeout worker was introduced by 8991a87c6c3fc8b17383a140bd6f15a958e31298 ( RDS: SA query optimization) commit. Fix is to flush/cancel any reconnect timeout workers while performing rds connections destroy which is done during module unload. Orabug: 18952475 Signed-off-by: Rama Nichanamatlu Acked-by: Chien Yen Signed-off-by: Guangyu Sun (cherry picked from commit 26c0879e51915b9ba0526d9a3630e08d2cc51a2b) --- diff --git a/net/rds/connection.c b/net/rds/connection.c index 7a53a8eaae86..b772e4ac06f1 100644 --- a/net/rds/connection.c +++ b/net/rds/connection.c @@ -380,6 +380,13 @@ void rds_conn_destroy(struct rds_connection *conn) rds_conn_drop(conn); flush_work(&conn->c_down_w); + /* now that conn down worker is flushed; there cannot be any + * more posting of reconn timeout work. But cancel any already + * posted reconn timeout worker as there is a race between rds + * module unload and a pending reconn delay work. + */ + cancel_delayed_work_sync(&conn->c_reconn_w); + /* make sure lingering queued work won't try to ref the conn */ cancel_delayed_work_sync(&conn->c_send_w); cancel_delayed_work_sync(&conn->c_recv_w);