Re: [PATCH net] rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up

From: David Miller
Date: Sat Aug 24 2019 - 17:35:39 EST


From: David Howells <dhowells@xxxxxxxxxx>
Date: Thu, 22 Aug 2019 13:26:38 +0100

> + spin_lock(&rxnet->client_conn_cache_lock);
> + nr_active = rxnet->nr_active_client_conns;
> +
> + list_for_each_entry_safe(conn, tmp, &rxnet->idle_client_conns,
> + cache_link) {
> + if (conn->params.local == local) {
> + ASSERTCMP(conn->cache_state, ==, RXRPC_CONN_CLIENT_IDLE);
> +
> + trace_rxrpc_client(conn, -1, rxrpc_client_discard);
> + if (!test_and_clear_bit(RXRPC_CONN_EXPOSED, &conn->flags))
> + BUG();
> + conn->cache_state = RXRPC_CONN_CLIENT_INACTIVE;
> + list_move(&conn->cache_link, &graveyard);
> + nr_active--;
> + }
> + }
> +
> + rxnet->nr_active_client_conns = nr_active;
> + spin_unlock(&rxnet->client_conn_cache_lock);
> + ASSERTCMP(nr_active, >=, 0);
> +
> + spin_lock(&rxnet->client_conn_cache_lock);
> + while (!list_empty(&graveyard)) {
> + conn = list_entry(graveyard.next,
> + struct rxrpc_connection, cache_link);
> + list_del_init(&conn->cache_link);
> + spin_unlock(&rxnet->client_conn_cache_lock);
> +
> + rxrpc_put_connection(conn);
> +
> + spin_lock(&rxnet->client_conn_cache_lock);
> + }
> + spin_unlock(&rxnet->client_conn_cache_lock);
> +
> + _leave(" [culled]");
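Review bot: The underflow check `ASSERTCMP(nr_active, >=, 0);` runs only after the decremented value has been written back with `rxnet->nr_active_client_conns = nr_active;` and the lock has been dropped, so a wrong count is already published to other users of the counter by the time it is detected. Placing the check immediately before the write-back, still under `client_conn_cache_lock`, would catch the inconsistency before it becomes visible. The declaration of `nr_active` is outside the quoted lines; if it is an unsigned type, the `>= 0` comparison can never fail, and the guard would have to be a test such as `ASSERTCMP(nr_active, >, 0);` ahead of each `nr_active--;`. The enclosing function starts and ends outside the quoted hunk.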

Once you've removed the entries from the globally visible idle_client_conns
list, and put them on the local garbage list, they cannot be seen in any way
by external threads of control outside of this function.

Therefore, you don't need to take the client_conn_cache_lock at all in the
second while loop.