Commit 5dd3177a authored by Trond Myklebust's avatar Trond Myklebust

NFSv4: Fix a use-after-free issue with the nfs server.

Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 275a082f
......@@ -164,6 +164,26 @@ error_0:
return NULL;
}
static void nfs4_shutdown_client(struct nfs_client *clp)
{
#ifdef CONFIG_NFS_V4
if (__test_and_clear_bit(NFS_CS_RENEWD, &clp->cl_res_state))
nfs4_kill_renewd(clp);
while (!list_empty(&clp->cl_unused)) {
struct nfs4_state_owner *sp;
sp = list_entry(clp->cl_unused.next,
struct nfs4_state_owner,
so_list);
list_del(&sp->so_list);
kfree(sp);
}
BUG_ON(!list_empty(&clp->cl_state_owners));
if (__test_and_clear_bit(NFS_CS_IDMAP, &clp->cl_res_state))
nfs_idmap_delete(clp);
#endif
}
/*
* Destroy a shared client record
*/
......@@ -171,21 +191,7 @@ static void nfs_free_client(struct nfs_client *clp)
{
dprintk("--> nfs_free_client(%d)\n", clp->cl_nfsversion);
#ifdef CONFIG_NFS_V4
if (__test_and_clear_bit(NFS_CS_IDMAP, &clp->cl_res_state)) {
while (!list_empty(&clp->cl_unused)) {
struct nfs4_state_owner *sp;
sp = list_entry(clp->cl_unused.next,
struct nfs4_state_owner,
so_list);
list_del(&sp->so_list);
kfree(sp);
}
BUG_ON(!list_empty(&clp->cl_state_owners));
nfs_idmap_delete(clp);
}
#endif
nfs4_shutdown_client(clp);
/* -EIO all pending I/O */
if (!IS_ERR(clp->cl_rpcclient))
......
......@@ -121,6 +121,7 @@ nfs4_schedule_state_renewal(struct nfs_client *clp)
__FUNCTION__, (timeout + HZ - 1) / HZ);
cancel_delayed_work(&clp->cl_renewd);
schedule_delayed_work(&clp->cl_renewd, timeout);
set_bit(NFS_CS_RENEWD, &clp->cl_res_state);
spin_unlock(&clp->cl_lock);
}
......
......@@ -883,13 +883,15 @@ static int nfs4_get_sb(struct file_system_type *fs_type,
goto out_free;
}
if (s->s_fs_info != server) {
nfs_free_server(server);
server = NULL;
}
if (!s->s_root) {
/* initial superblock/root creation */
s->s_flags = flags;
nfs4_fill_super(s);
} else {
nfs_free_server(server);
}
mntroot = nfs4_get_root(s, &mntfh);
......
......@@ -19,6 +19,7 @@ struct nfs_client {
#define NFS_CS_RPCIOD 0 /* - rpciod started */
#define NFS_CS_CALLBACK 1 /* - callback started */
#define NFS_CS_IDMAP 2 /* - idmap started */
#define NFS_CS_RENEWD 3 /* - renewd started */
struct sockaddr_in cl_addr; /* server identifier */
char * cl_hostname; /* hostname of server */
struct list_head cl_share_link; /* link in global client list */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment