SUNRPC: Don't call connect() more than once on a TCP socket

commit 89f42494f92f448747bd8a7ab1ae8b5d5520577d upstream.

Avoid socket state races due to repeated calls to ->connect() using the
same socket. If connect() returns 0 due to the connection having
completed, but we are in fact in a closing state, then we may leave the
XPRT_CONNECTING flag set on the transport.

Reported-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Fixes: 3be232f11a3c ("SUNRPC: Prevent immediate close+reconnect")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/include/linux/sunrpc/xprtsock.h b/include/linux/sunrpc/xprtsock.h
index 8c2a712..689062a 100644 (file)
--- a/include/linux/sunrpc/xprtsock.h
+++ b/include/linux/sunrpc/xprtsock.h
@@ -89,5 +89,6 @@ struct sock_xprt {
 #define XPRT_SOCK_WAKE_WRITE   (5)
 #define XPRT_SOCK_WAKE_PENDING (6)
 #define XPRT_SOCK_WAKE_DISCONNECT      (7)
+#define XPRT_SOCK_CONNECT_SENT (8)
 
 #endif /* _LINUX_SUNRPC_XPRTSOCK_H */

diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c
index 8bc5830..c2f7819 100644 (file)
--- a/net/sunrpc/xprtsock.c
+++ b/net/sunrpc/xprtsock.c
@@ -2257,6 +2257,7 @@ static int xs_tcp_finish_connecting(struct rpc_xprt *xprt, struct socket *sock)
                fallthrough;
        case -EINPROGRESS:
                /* SYN_SENT! */
+               set_bit(XPRT_SOCK_CONNECT_SENT, &transport->sock_state);
                if (xprt->reestablish_timeout < XS_TCP_INIT_REEST_TO)
                        xprt->reestablish_timeout = XS_TCP_INIT_REEST_TO;
                break;
@@ -2282,10 +2283,14 @@ static void xs_tcp_setup_socket(struct work_struct *work)
        struct rpc_xprt *xprt = &transport->xprt;
        int status = -EIO;
 
-       if (!sock) {
-               sock = xs_create_sock(xprt, transport,
-                               xs_addr(xprt)->sa_family, SOCK_STREAM,
-                               IPPROTO_TCP, true);
+       if (xprt_connected(xprt))
+               goto out;
+       if (test_and_clear_bit(XPRT_SOCK_CONNECT_SENT,
+                              &transport->sock_state) ||
+           !sock) {
+               xs_reset_transport(transport);
+               sock = xs_create_sock(xprt, transport, xs_addr(xprt)->sa_family,
+                                     SOCK_STREAM, IPPROTO_TCP, true);
                if (IS_ERR(sock)) {
                        status = PTR_ERR(sock);
                        goto out;
@@ -2365,13 +2370,9 @@ static void xs_connect(struct rpc_xprt *xprt, struct rpc_task *task)
 
        WARN_ON_ONCE(!xprt_lock_connect(xprt, task, transport));
 
-       if (transport->sock != NULL && !xprt_connecting(xprt)) {
+       if (transport->sock != NULL) {
                dprintk("RPC:       xs_connect delayed xprt %p for %lu "
-                               "seconds\n",
-                               xprt, xprt->reestablish_timeout / HZ);
-
-               /* Start by resetting any existing state */
-               xs_reset_transport(transport);
+                       "seconds\n", xprt, xprt->reestablish_timeout / HZ);
 
                delay = xprt_reconnect_delay(xprt);
                xprt_reconnect_backoff(xprt, XS_TCP_INIT_REEST_TO);