aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@redhat.com>2010-08-02 14:12:44 -0400
committerJ. Bruce Fields <bfields@redhat.com>2010-08-06 17:05:30 -0400
commit774f8bbd9ef2e71d4ef4b89933d292091d31ca98 (patch)
treebbc4afb785f31727b61279b1a026768d5953d60f /fs
parent039a87ca536a85bc169ce092e44bd57adfa1f563 (diff)
nfsd: fix startup/shutdown order bug
We must create the server before we can call init_socks or check the number of threads. Symptoms were a NULL pointer dereference in nfsd_svc(). Problem identified by Jeff Layton. Also fix a minor cleanup-on-error case in nfsd_startup(). Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/nfsd/nfssvc.c30
1 files changed, 16 insertions, 14 deletions
diff --git a/fs/nfsd/nfssvc.c b/fs/nfsd/nfssvc.c
index 92173bde32d2..39ced4a52c5f 100644
--- a/fs/nfsd/nfssvc.c
+++ b/fs/nfsd/nfssvc.c
@@ -204,6 +204,9 @@ static bool nfsd_up = false;
204static int nfsd_startup(unsigned short port, int nrservs) 204static int nfsd_startup(unsigned short port, int nrservs)
205{ 205{
206 int ret; 206 int ret;
207
208 if (nfsd_up)
209 return 0;
207 /* 210 /*
208 * Readahead param cache - will no-op if it already exists. 211 * Readahead param cache - will no-op if it already exists.
209 * (Note therefore results will be suboptimal if number of 212 * (Note therefore results will be suboptimal if number of
@@ -217,7 +220,7 @@ static int nfsd_startup(unsigned short port, int nrservs)
217 goto out_racache; 220 goto out_racache;
218 ret = lockd_up(); 221 ret = lockd_up();
219 if (ret) 222 if (ret)
220 return ret; 223 goto out_racache;
221 ret = nfs4_state_start(); 224 ret = nfs4_state_start();
222 if (ret) 225 if (ret)
223 goto out_lockd; 226 goto out_lockd;
@@ -420,7 +423,7 @@ int
420nfsd_svc(unsigned short port, int nrservs) 423nfsd_svc(unsigned short port, int nrservs)
421{ 424{
422 int error; 425 int error;
423 bool first_thread; 426 bool nfsd_up_before;
424 427
425 mutex_lock(&nfsd_mutex); 428 mutex_lock(&nfsd_mutex);
426 dprintk("nfsd: creating service\n"); 429 dprintk("nfsd: creating service\n");
@@ -432,29 +435,28 @@ nfsd_svc(unsigned short port, int nrservs)
432 if (nrservs == 0 && nfsd_serv == NULL) 435 if (nrservs == 0 && nfsd_serv == NULL)
433 goto out; 436 goto out;
434 437
435 first_thread = (nfsd_serv->sv_nrthreads == 0) && (nrservs != 0);
436
437 if (first_thread) {
438 error = nfsd_startup(port, nrservs);
439 if (error)
440 goto out;
441 }
442 error = nfsd_create_serv(); 438 error = nfsd_create_serv();
443 if (error) 439 if (error)
444 goto out_shutdown; 440 goto out;
445 error = svc_set_num_threads(nfsd_serv, NULL, nrservs); 441
442 nfsd_up_before = nfsd_up;
443
444 error = nfsd_startup(port, nrservs);
446 if (error) 445 if (error)
447 goto out_destroy; 446 goto out_destroy;
447 error = svc_set_num_threads(nfsd_serv, NULL, nrservs);
448 if (error)
449 goto out_shutdown;
448 /* We are holding a reference to nfsd_serv which 450 /* We are holding a reference to nfsd_serv which
449 * we don't want to count in the return value, 451 * we don't want to count in the return value,
450 * so subtract 1 452 * so subtract 1
451 */ 453 */
452 error = nfsd_serv->sv_nrthreads - 1; 454 error = nfsd_serv->sv_nrthreads - 1;
453out_destroy:
454 svc_destroy(nfsd_serv); /* Release server */
455out_shutdown: 455out_shutdown:
456 if (error < 0 && first_thread) 456 if (error < 0 && !nfsd_up_before)
457 nfsd_shutdown(); 457 nfsd_shutdown();
458out_destroy:
459 svc_destroy(nfsd_serv); /* Release server */
458out: 460out:
459 mutex_unlock(&nfsd_mutex); 461 mutex_unlock(&nfsd_mutex);
460 return error; 462 return error;