SUNRPC: NULL utsname dereference on NFS umount during namespace cleanup

Fix an Oopsable condition when nsm_mon_unmon is called as part of the
namespace cleanup, which now apparently happens after the utsname
has been freed.

Link: http://lkml.kernel.org/r/20150125220604.090121ae@neptune.home
Reported-by: Bruno Prémont <bonbons@linux-vserver.org>
Cc: stable@vger.kernel.org # 3.18
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>

2 files changed, 13 insertions, 7 deletions

diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index 05da12a33945..3f5d4d48f0cb 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -286,10 +286,8 @@ static struct rpc_xprt *rpc_clnt_set_transport(struct rpc_clnt *clnt,
 
 static void rpc_clnt_set_nodename(struct rpc_clnt *clnt, const char *nodename)
 {
-        clnt->cl_nodelen = strlen(nodename);
-        if (clnt->cl_nodelen > UNX_MAXNODENAME)
-                clnt->cl_nodelen = UNX_MAXNODENAME;
-        memcpy(clnt->cl_nodename, nodename, clnt->cl_nodelen);
+        clnt->cl_nodelen = strlcpy(clnt->cl_nodename,
+                        nodename, sizeof(clnt->cl_nodename));
 }
 
 static int rpc_client_register(struct rpc_clnt *clnt,
@@ -365,6 +363,7 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args,
         const struct rpc_version *version;
         struct rpc_clnt *clnt = NULL;
         const struct rpc_timeout *timeout;
+        const char *nodename = args->nodename;
         int err;
 
         /* sanity check the name before trying to print it */
@@ -420,8 +419,10 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args,
 
         atomic_set(&clnt->cl_count, 1);
 
+        if (nodename == NULL)
+                nodename = utsname()->nodename;
         /* save the nodename */
-        rpc_clnt_set_nodename(clnt, utsname()->nodename);
+        rpc_clnt_set_nodename(clnt, nodename);
 
         err = rpc_client_register(clnt, args->authflavor, args->client_name);
         if (err)
@@ -576,6 +577,7 @@ static struct rpc_clnt *__rpc_clone_client(struct rpc_create_args *args,
         if (xprt == NULL)
                 goto out_err;
         args->servername = xprt->servername;
+        args->nodename = clnt->cl_nodename;
 
         new = rpc_new_client(args, xprt, clnt);
         if (IS_ERR(new)) {
diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c
index 05202012bcfc..cf5770d8f49a 100644
--- a/net/sunrpc/rpcb_clnt.c
+++ b/net/sunrpc/rpcb_clnt.c
@@ -355,7 +355,8 @@ out:
         return result;
 }
 
-static struct rpc_clnt *rpcb_create(struct net *net, const char *hostname,
+static struct rpc_clnt *rpcb_create(struct net *net, const char *nodename,
+                                    const char *hostname,
                                     struct sockaddr *srvaddr, size_t salen,
                                     int proto, u32 version)
 {
@@ -365,6 +366,7 @@ static struct rpc_clnt *rpcb_create(struct net *net, const char *hostname,
                 .address        = srvaddr,
                 .addrsize       = salen,
                 .servername     = hostname,
+                .nodename       = nodename,
                 .program        = &rpcb_program,
                 .version        = version,
                 .authflavor     = RPC_AUTH_UNIX,
@@ -740,7 +742,9 @@ void rpcb_getport_async(struct rpc_task *task)
         dprintk("RPC: %5u %s: trying rpcbind version %u\n",
                 task->tk_pid, __func__, bind_version);
 
-        rpcb_clnt = rpcb_create(xprt->xprt_net, xprt->servername, sap, salen,
+        rpcb_clnt = rpcb_create(xprt->xprt_net,
+                                clnt->cl_nodename,
+                                xprt->servername, sap, salen,
                                 xprt->prot, bind_version);
         if (IS_ERR(rpcb_clnt)) {
                 status = PTR_ERR(rpcb_clnt);