NFSv4.1: Fix a race in set_pnfs_layoutdriver

The call to try_module_get() dereferences ld_type outside the spin locks, which means that it may be pointing to garbage if a module unload was in progress. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
author: Trond Myklebust <Trond.Myklebust@netapp.com> 2012-06-15 13:02:58 -0400
committer: Trond Myklebust <Trond.Myklebust@netapp.com> 2012-06-19 13:32:45 -0400
commit: 0a9c63fae7df086ff5e107273c3cce8642430974 (patch)
tree: a8636a5d35f0ae5e45f64d27759dd02d7e2ca598 /fs
parent: 2a4c8994eeef50796015f8a2005e4a75c1929166 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
index bdf7e52943c8..bbc49caa7a82 100644
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -70,6 +70,10 @@ find_pnfs_driver(u32 id)
        spin_lock(&pnfs_spinlock);
        local = find_pnfs_driver_locked(id);
+        if (local != NULL && !try_module_get(local->owner)) {
+                dprintk("%s: Could not grab reference on module\n", __func__);
+                local = NULL;
+        }
        spin_unlock(&pnfs_spinlock);
        return local;
 }
@@ -118,10 +122,6 @@ set_pnfs_layoutdriver(struct nfs_server *server, const struct nfs_fh *mntfh,
                        goto out_no_driver;
                }
        }
-        if (!try_module_get(ld_type->owner)) {
-                dprintk("%s: Could not grab reference on module\n", __func__);
-                goto out_no_driver;
-        }
        server->pnfs_curr_ld = ld_type;
        if (ld_type->set_layoutdriver
            && ld_type->set_layoutdriver(server, mntfh)) {
author	Trond Myklebust <Trond.Myklebust@netapp.com>	2012-06-15 13:02:58 -0400
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	2012-06-19 13:32:45 -0400
commit	0a9c63fae7df086ff5e107273c3cce8642430974 (patch)
tree	a8636a5d35f0ae5e45f64d27759dd02d7e2ca598 /fs
parent	2a4c8994eeef50796015f8a2005e4a75c1929166 (diff)