diff options
author | Mike Snitzer <snitzer@kernel.org> | 2024-10-03 15:34:58 -0400 |
---|---|---|
committer | Anna Schumaker <anna.schumaker@oracle.com> | 2024-10-03 16:19:43 -0400 |
commit | 65f2a5c366353da6fa724c68347e1de954928143 (patch) | |
tree | 3dbc942931e5b9c55c54519e9fcf846b841cd8be /fs/nfs | |
parent | a848c29e3486189aaabd5663bc11aea50c5bd144 (diff) |
nfs_common: fix race in NFS calls to nfsd_file_put_local() and nfsd_serv_put()
Add nfs_to_nfsd_file_put_local() interface to fix race with nfsd
module unload. Similarly, use RCU around nfs_open_local_fh()'s error
path call to nfs_to->nfsd_serv_put(). Holding RCU ensures that NFS
will safely _call and return_ from its nfs_to calls into the NFSD
functions nfsd_file_put_local() and nfsd_serv_put().
Otherwise, if RCU isn't used then there is a narrow window when NFS's
reference for the nfsd_file and nfsd_serv are dropped and the NFSD
module could be unloaded, which could result in a crash from the
return instruction for either nfs_to->nfsd_file_put_local() or
nfs_to->nfsd_serv_put().
Reported-by: NeilBrown <neilb@suse.de>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Anna Schumaker <anna.schumaker@oracle.com>
Diffstat (limited to 'fs/nfs')
-rw-r--r-- | fs/nfs/localio.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/nfs/localio.c b/fs/nfs/localio.c index c5922b1a77c0..d0aa680ec816 100644 --- a/fs/nfs/localio.c +++ b/fs/nfs/localio.c @@ -340,7 +340,7 @@ nfs_local_pgio_release(struct nfs_local_kiocb *iocb) { struct nfs_pgio_header *hdr = iocb->hdr; - nfs_to->nfsd_file_put_local(iocb->localio); + nfs_to_nfsd_file_put_local(iocb->localio); nfs_local_iocb_free(iocb); nfs_local_hdr_release(hdr, hdr->task.tk_ops); } @@ -621,7 +621,7 @@ int nfs_local_doio(struct nfs_client *clp, struct nfsd_file *localio, } out: if (status != 0) { - nfs_to->nfsd_file_put_local(localio); + nfs_to_nfsd_file_put_local(localio); hdr->task.tk_status = status; nfs_local_hdr_release(hdr, call_ops); } @@ -672,7 +672,7 @@ nfs_local_release_commit_data(struct nfsd_file *localio, struct nfs_commit_data *data, const struct rpc_call_ops *call_ops) { - nfs_to->nfsd_file_put_local(localio); + nfs_to_nfsd_file_put_local(localio); call_ops->rpc_call_done(&data->task, data); call_ops->rpc_release(data); } |