Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / 642fe4d00db56d65060ce2fd4c105884414acb16^! / .
commit642fe4d00db56d65060ce2fd4c105884414acb16[log] [tgz]
authorTrond Myklebust <Trond.Myklebust@netapp.com>Thu Nov 08 10:01:26 2012 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>Thu Nov 08 14:53:28 2012 -0500
tree49d4b27e67b129dec2b1c102af9e6365466880c3
parent0e4a43ed08e2f44aa7b96aa95d0a540d675483e1 [diff]
SUNRPC: Fix validity issues with rpc_pipefs sb->s_fs_info

rpc_kill_sb() must defer calling put_net() until after the notifier
has been called, since most (all?) of the notifier callbacks assume
that sb->s_fs_info points to a valid net namespace. It also must not
call put_net() if the call to rpc_fill_super was unsuccessful.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=48421

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Stanislav Kinsbursky <skinsbursky@parallels.com>
Cc: stable@vger.kernel.org [>= v3.4]

diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c
index 80f5dd2..e659def 100644
--- a/net/sunrpc/rpc_pipe.c
+++ b/net/sunrpc/rpc_pipe.c

@@ -1152,14 +1152,19 @@
 	struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
 
 	mutex_lock(&sn->pipefs_sb_lock);
+	if (sn->pipefs_sb != sb) {
+		mutex_unlock(&sn->pipefs_sb_lock);
+		goto out;
+	}
 	sn->pipefs_sb = NULL;
 	mutex_unlock(&sn->pipefs_sb_lock);
-	put_net(net);
 	dprintk("RPC:       sending pipefs UMOUNT notification for net %p%s\n",
 		net, NET_NAME(net));
 	blocking_notifier_call_chain(&rpc_pipefs_notifier_list,
 					   RPC_PIPEFS_UMOUNT,
 					   sb);
+	put_net(net);
+out:
 	kill_litter_super(sb);
 }