NFSv4: Don't use the delegation->inode in nfs_mark_return_delegation()

nfs_mark_return_delegation() is usually called without any locking, and so it is not safe to dereference delegation->inode. Since the inode is only used to discover the nfs_client anyway, it makes more sense to have the callers pass a valid pointer to the nfs_server as a parameter. Reported-by: Ian Kent <raven@themaw.net> Cc: stable@kernel.org Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
author: Trond Myklebust <Trond.Myklebust@netapp.com> 2011-07-25 15:37:29 -0400
committer: Trond Myklebust <Trond.Myklebust@netapp.com> 2011-07-25 15:37:29 -0400
commit: ed1e6211a0a134ff23592c6f057af982ad5dab52 (patch)
tree: b3485dbf3c041e40ab485b8307fb53f7154330c6 /fs/nfs/delegation.c
parent: 73ca1001ed6881b476e8252adcd0eede1ea368ea (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/fs/nfs/delegation.c b/fs/nfs/delegation.c
index dd25c2aec375..321a66bc3846 100644
--- a/fs/nfs/delegation.c
+++ b/fs/nfs/delegation.c
@@ -398,12 +398,11 @@ int nfs_inode_return_delegation(struct inode *inode)
        return err;
 }
-static void nfs_mark_return_delegation(struct nfs_delegation *delegation)
+static void nfs_mark_return_delegation(struct nfs_server *server,
+                struct nfs_delegation *delegation)
 {
-        struct nfs_client *clp = NFS_SERVER(delegation->inode)->nfs_client;
        set_bit(NFS_DELEGATION_RETURN, &delegation->flags);
-        set_bit(NFS4CLNT_DELEGRETURN, &clp->cl_state);
+        set_bit(NFS4CLNT_DELEGRETURN, &server->nfs_client->cl_state);
 }
 /**
@@ -441,7 +440,7 @@ static void nfs_mark_return_all_delegation_types(struct nfs_server *server,
                if ((delegation->type == (FMODE_READ|FMODE_WRITE)) && !(flags & FMODE_WRITE))
                        continue;
                if (delegation->type & flags)
-                        nfs_mark_return_delegation(delegation);
+                        nfs_mark_return_delegation(server, delegation);
        }
 }
@@ -508,7 +507,7 @@ static void nfs_mark_return_unreferenced_delegations(struct nfs_server *server)
        list_for_each_entry_rcu(delegation, &server->delegations, super_list) {
                if (test_and_clear_bit(NFS_DELEGATION_REFERENCED, &delegation->flags))
                        continue;
-                nfs_mark_return_delegation(delegation);
+                nfs_mark_return_delegation(server, delegation);
        }
 }
@@ -539,7 +538,8 @@ void nfs_expire_unreferenced_delegations(struct nfs_client *clp)
 int nfs_async_inode_return_delegation(struct inode *inode,
                                      const nfs4_stateid *stateid)
 {
-        struct nfs_client *clp = NFS_SERVER(inode)->nfs_client;
+        struct nfs_server *server = NFS_SERVER(inode);
+        struct nfs_client *clp = server->nfs_client;
        struct nfs_delegation *delegation;
        rcu_read_lock();
@@ -549,7 +549,7 @@ int nfs_async_inode_return_delegation(struct inode *inode,
                rcu_read_unlock();
                return -ENOENT;
        }
-        nfs_mark_return_delegation(delegation);
+        nfs_mark_return_delegation(server, delegation);
        rcu_read_unlock();
        nfs_delegation_run_state_manager(clp);
author	Trond Myklebust <Trond.Myklebust@netapp.com>	2011-07-25 15:37:29 -0400
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	2011-07-25 15:37:29 -0400
commit	ed1e6211a0a134ff23592c6f057af982ad5dab52 (patch)
tree	b3485dbf3c041e40ab485b8307fb53f7154330c6 /fs/nfs/delegation.c
parent	73ca1001ed6881b476e8252adcd0eede1ea368ea (diff)