From 87d918d667e51962938392759aef6ca368d6e96d Mon Sep 17 00:00:00 2001 From: "J. Bruce Fields" Date: Mon, 4 Dec 2006 20:22:32 -0500 Subject: [PATCH] rpc: gss: fix a kmap_atomic race in krb5 code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This code is never called from interrupt context; it's always run by either a user thread or rpciod. So KM_SKB_SUNRPC_DATA is inappropriate here. Thanks to Aimé Le Rouzic for capturing an oops which showed the kernel taking an interrupt while we were in this piece of code, resulting in a nested kmap_atomic(.,KM_SKB_SUNRPC_DATA) call from xdr_partial_copy_from_skb(). Signed-off-by: J. Bruce Fields Signed-off-by: Trond Myklebust --- net/sunrpc/auth_gss/gss_krb5_wrap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c index 0f512e8e0d19..ad243872f547 100644 --- a/net/sunrpc/auth_gss/gss_krb5_wrap.c +++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c @@ -57,9 +57,9 @@ gss_krb5_remove_padding(struct xdr_buf *buf, int blocksize) >>PAGE_CACHE_SHIFT; int offset = (buf->page_base + len - 1) & (PAGE_CACHE_SIZE - 1); - ptr = kmap_atomic(buf->pages[last], KM_SKB_SUNRPC_DATA); + ptr = kmap_atomic(buf->pages[last], KM_USER0); pad = *(ptr + offset); - kunmap_atomic(ptr, KM_SKB_SUNRPC_DATA); + kunmap_atomic(ptr, KM_USER0); goto out; } else len -= buf->page_len;