diff options
| author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2013-01-18 22:41:53 -0500 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2013-01-27 15:51:15 -0500 |
| commit | 4ae19c2dd713edb7b8ad3d4ab9d234ed5dcb6b98 (patch) | |
| tree | 392b6191b3df070b385564252626b739f0b63de3 /fs | |
| parent | dee972b967ae111ad5705733de17a3bfc4632311 (diff) | |
NFSv4: Fix NFSv4 reference counting for trunked sessions
The reference counting in nfs4_init_client assumes wongly that it
is safe for nfs4_discover_server_trunking() to return a pointer to a
nfs_client prior to bumping the reference count.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Chuck Lever <chuck.lever@oracle.com>
Cc: Ben Greear <greearb@candelatech.com>
Cc: stable@vger.kernel.org [>=3.7]
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/nfs/nfs4client.c | 31 |
1 files changed, 15 insertions, 16 deletions
diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c index acc347268124..65a290a73065 100644 --- a/fs/nfs/nfs4client.c +++ b/fs/nfs/nfs4client.c | |||
| @@ -236,11 +236,10 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp, | |||
| 236 | error = nfs4_discover_server_trunking(clp, &old); | 236 | error = nfs4_discover_server_trunking(clp, &old); |
| 237 | if (error < 0) | 237 | if (error < 0) |
| 238 | goto error; | 238 | goto error; |
| 239 | nfs_put_client(clp); | ||
| 239 | if (clp != old) { | 240 | if (clp != old) { |
| 240 | clp->cl_preserve_clid = true; | 241 | clp->cl_preserve_clid = true; |
| 241 | nfs_put_client(clp); | ||
| 242 | clp = old; | 242 | clp = old; |
| 243 | atomic_inc(&clp->cl_count); | ||
| 244 | } | 243 | } |
| 245 | 244 | ||
| 246 | return clp; | 245 | return clp; |
| @@ -306,7 +305,7 @@ int nfs40_walk_client_list(struct nfs_client *new, | |||
| 306 | .clientid = new->cl_clientid, | 305 | .clientid = new->cl_clientid, |
| 307 | .confirm = new->cl_confirm, | 306 | .confirm = new->cl_confirm, |
| 308 | }; | 307 | }; |
| 309 | int status; | 308 | int status = -NFS4ERR_STALE_CLIENTID; |
| 310 | 309 | ||
| 311 | spin_lock(&nn->nfs_client_lock); | 310 | spin_lock(&nn->nfs_client_lock); |
| 312 | list_for_each_entry_safe(pos, n, &nn->nfs_client_list, cl_share_link) { | 311 | list_for_each_entry_safe(pos, n, &nn->nfs_client_list, cl_share_link) { |
| @@ -332,28 +331,28 @@ int nfs40_walk_client_list(struct nfs_client *new, | |||
| 332 | 331 | ||
| 333 | if (prev) | 332 | if (prev) |
| 334 | nfs_put_client(prev); | 333 | nfs_put_client(prev); |
| 334 | prev = pos; | ||
| 335 | 335 | ||
| 336 | status = nfs4_proc_setclientid_confirm(pos, &clid, cred); | 336 | status = nfs4_proc_setclientid_confirm(pos, &clid, cred); |
| 337 | if (status == 0) { | 337 | switch (status) { |
| 338 | case -NFS4ERR_STALE_CLIENTID: | ||
| 339 | break; | ||
| 340 | case 0: | ||
| 338 | nfs4_swap_callback_idents(pos, new); | 341 | nfs4_swap_callback_idents(pos, new); |
| 339 | 342 | ||
| 340 | nfs_put_client(pos); | 343 | prev = NULL; |
| 341 | *result = pos; | 344 | *result = pos; |
| 342 | dprintk("NFS: <-- %s using nfs_client = %p ({%d})\n", | 345 | dprintk("NFS: <-- %s using nfs_client = %p ({%d})\n", |
| 343 | __func__, pos, atomic_read(&pos->cl_count)); | 346 | __func__, pos, atomic_read(&pos->cl_count)); |
| 344 | return 0; | 347 | default: |
| 345 | } | 348 | goto out; |
| 346 | if (status != -NFS4ERR_STALE_CLIENTID) { | ||
| 347 | nfs_put_client(pos); | ||
| 348 | dprintk("NFS: <-- %s status = %d, no result\n", | ||
| 349 | __func__, status); | ||
| 350 | return status; | ||
| 351 | } | 349 | } |
| 352 | 350 | ||
| 353 | spin_lock(&nn->nfs_client_lock); | 351 | spin_lock(&nn->nfs_client_lock); |
| 354 | prev = pos; | ||
| 355 | } | 352 | } |
| 353 | spin_unlock(&nn->nfs_client_lock); | ||
| 356 | 354 | ||
| 355 | out: | ||
| 357 | /* | 356 | /* |
| 358 | * No matching nfs_client found. This should be impossible, | 357 | * No matching nfs_client found. This should be impossible, |
| 359 | * because the new nfs_client has already been added to | 358 | * because the new nfs_client has already been added to |
| @@ -363,9 +362,8 @@ int nfs40_walk_client_list(struct nfs_client *new, | |||
| 363 | */ | 362 | */ |
| 364 | if (prev) | 363 | if (prev) |
| 365 | nfs_put_client(prev); | 364 | nfs_put_client(prev); |
| 366 | spin_unlock(&nn->nfs_client_lock); | 365 | dprintk("NFS: <-- %s status = %d\n", __func__, status); |
| 367 | pr_err("NFS: %s Error: no matching nfs_client found\n", __func__); | 366 | return status; |
| 368 | return -NFS4ERR_STALE_CLIENTID; | ||
| 369 | } | 367 | } |
| 370 | 368 | ||
| 371 | #ifdef CONFIG_NFS_V4_1 | 369 | #ifdef CONFIG_NFS_V4_1 |
| @@ -473,6 +471,7 @@ int nfs41_walk_client_list(struct nfs_client *new, | |||
| 473 | if (!nfs4_match_serverowners(pos, new)) | 471 | if (!nfs4_match_serverowners(pos, new)) |
| 474 | continue; | 472 | continue; |
| 475 | 473 | ||
| 474 | atomic_inc(&pos->cl_count); | ||
| 476 | spin_unlock(&nn->nfs_client_lock); | 475 | spin_unlock(&nn->nfs_client_lock); |
| 477 | dprintk("NFS: <-- %s using nfs_client = %p ({%d})\n", | 476 | dprintk("NFS: <-- %s using nfs_client = %p ({%d})\n", |
| 478 | __func__, pos, atomic_read(&pos->cl_count)); | 477 | __func__, pos, atomic_read(&pos->cl_count)); |