diff options
author | Steve French <sfrench@us.ibm.com> | 2007-05-23 10:45:36 -0400 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2007-05-23 10:45:36 -0400 |
commit | 28356a1679006b110215596e057f304ef3083922 (patch) | |
tree | a0fb257bab98c9fe5057462ee4f9cf84b88100a6 | |
parent | ad9ddd66c6e8a79630a975ff0bb8d45a11abe630 (diff) |
[CIFS] Fix oops on failed cifs mount (in kthread_stop)
If the cifs demultiplex thread wakes up and exits
(zeroing server->tsk) before kthread_stop is called, the
cifs_mount code could pass a null pointer to kthread_stop
Thanks to akpm, Dave Young and Shaggy for suggesting
earlier versions of this patch.
CC: akpm@linux-foundatior.org
Signed-off-by: Dave Young <hidave.darkstar@gmail.com>
Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r-- | fs/cifs/connect.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 216fb625843f..f6963d183c53 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
@@ -2069,8 +2069,15 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, | |||
2069 | srvTcp->tcpStatus = CifsExiting; | 2069 | srvTcp->tcpStatus = CifsExiting; |
2070 | spin_unlock(&GlobalMid_Lock); | 2070 | spin_unlock(&GlobalMid_Lock); |
2071 | if (srvTcp->tsk) { | 2071 | if (srvTcp->tsk) { |
2072 | struct task_struct *tsk; | ||
2073 | /* If we could verify that kthread_stop would | ||
2074 | always wake up processes blocked in | ||
2075 | tcp in recv_mesg then we could remove the | ||
2076 | send_sig call */ | ||
2072 | send_sig(SIGKILL,srvTcp->tsk,1); | 2077 | send_sig(SIGKILL,srvTcp->tsk,1); |
2073 | kthread_stop(srvTcp->tsk); | 2078 | tsk = srvTcp->tsk; |
2079 | if(tsk) | ||
2080 | kthread_stop(srvTcp->tsk); | ||
2074 | } | 2081 | } |
2075 | } | 2082 | } |
2076 | /* If find_unc succeeded then rc == 0 so we can not end */ | 2083 | /* If find_unc succeeded then rc == 0 so we can not end */ |
@@ -2085,8 +2092,11 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, | |||
2085 | /* if the socketUseCount is now zero */ | 2092 | /* if the socketUseCount is now zero */ |
2086 | if ((temp_rc == -ESHUTDOWN) && | 2093 | if ((temp_rc == -ESHUTDOWN) && |
2087 | (pSesInfo->server) && (pSesInfo->server->tsk)) { | 2094 | (pSesInfo->server) && (pSesInfo->server->tsk)) { |
2095 | struct task_struct *tsk; | ||
2088 | send_sig(SIGKILL,pSesInfo->server->tsk,1); | 2096 | send_sig(SIGKILL,pSesInfo->server->tsk,1); |
2089 | kthread_stop(pSesInfo->server->tsk); | 2097 | tsk = pSesInfo->server->tsk; |
2098 | if(tsk) | ||
2099 | kthread_stop(tsk); | ||
2090 | } | 2100 | } |
2091 | } else | 2101 | } else |
2092 | cFYI(1, ("No session or bad tcon")); | 2102 | cFYI(1, ("No session or bad tcon")); |