rpc: gss: fix a kmap_atomic race in krb5 code

This code is never called from interrupt context; it's always run by either
a user thread or rpciod.  So KM_SKB_SUNRPC_DATA is inappropriate here.

Thanks to Aimé Le Rouzic for capturing an oops which showed the kernel
taking an interrupt while we were in this piece of code, resulting in a
nested kmap_atomic(.,KM_SKB_SUNRPC_DATA) call from
xdr_partial_copy_from_skb().

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
index 0f512e8e0d191e1ed8db9dfd08f12f5efbbf8b2d..ad243872f547a6396857bef84daa4bf942270c9f 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
@@ -57,9 +57,9 @@ gss_krb5_remove_padding(struct xdr_buf *buf, int blocksize)
                                        >>PAGE_CACHE_SHIFT;
                int offset = (buf->page_base + len - 1)
                                        & (PAGE_CACHE_SIZE - 1);
-               ptr = kmap_atomic(buf->pages[last], KM_SKB_SUNRPC_DATA);
+               ptr = kmap_atomic(buf->pages[last], KM_USER0);
                pad = *(ptr + offset);
-               kunmap_atomic(ptr, KM_SKB_SUNRPC_DATA);
+               kunmap_atomic(ptr, KM_USER0);
                goto out;
        } else
                len -= buf->page_len;