NFSv4: Fix a use-after-free issue with the nfs server.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This commit is contained in:
parent
275a082fe9
commit
5dd3177ae5
@ -164,6 +164,26 @@ static struct nfs_client *nfs_alloc_client(const char *hostname,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static void nfs4_shutdown_client(struct nfs_client *clp)
|
||||
{
|
||||
#ifdef CONFIG_NFS_V4
|
||||
if (__test_and_clear_bit(NFS_CS_RENEWD, &clp->cl_res_state))
|
||||
nfs4_kill_renewd(clp);
|
||||
while (!list_empty(&clp->cl_unused)) {
|
||||
struct nfs4_state_owner *sp;
|
||||
|
||||
sp = list_entry(clp->cl_unused.next,
|
||||
struct nfs4_state_owner,
|
||||
so_list);
|
||||
list_del(&sp->so_list);
|
||||
kfree(sp);
|
||||
}
|
||||
BUG_ON(!list_empty(&clp->cl_state_owners));
|
||||
if (__test_and_clear_bit(NFS_CS_IDMAP, &clp->cl_res_state))
|
||||
nfs_idmap_delete(clp);
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Destroy a shared client record
|
||||
*/
|
||||
@ -171,21 +191,7 @@ static void nfs_free_client(struct nfs_client *clp)
|
||||
{
|
||||
dprintk("--> nfs_free_client(%d)\n", clp->cl_nfsversion);
|
||||
|
||||
#ifdef CONFIG_NFS_V4
|
||||
if (__test_and_clear_bit(NFS_CS_IDMAP, &clp->cl_res_state)) {
|
||||
while (!list_empty(&clp->cl_unused)) {
|
||||
struct nfs4_state_owner *sp;
|
||||
|
||||
sp = list_entry(clp->cl_unused.next,
|
||||
struct nfs4_state_owner,
|
||||
so_list);
|
||||
list_del(&sp->so_list);
|
||||
kfree(sp);
|
||||
}
|
||||
BUG_ON(!list_empty(&clp->cl_state_owners));
|
||||
nfs_idmap_delete(clp);
|
||||
}
|
||||
#endif
|
||||
nfs4_shutdown_client(clp);
|
||||
|
||||
/* -EIO all pending I/O */
|
||||
if (!IS_ERR(clp->cl_rpcclient))
|
||||
|
@ -121,6 +121,7 @@ nfs4_schedule_state_renewal(struct nfs_client *clp)
|
||||
__FUNCTION__, (timeout + HZ - 1) / HZ);
|
||||
cancel_delayed_work(&clp->cl_renewd);
|
||||
schedule_delayed_work(&clp->cl_renewd, timeout);
|
||||
set_bit(NFS_CS_RENEWD, &clp->cl_res_state);
|
||||
spin_unlock(&clp->cl_lock);
|
||||
}
|
||||
|
||||
|
@ -883,13 +883,15 @@ static int nfs4_get_sb(struct file_system_type *fs_type,
|
||||
goto out_free;
|
||||
}
|
||||
|
||||
if (s->s_fs_info != server) {
|
||||
nfs_free_server(server);
|
||||
server = NULL;
|
||||
}
|
||||
|
||||
if (!s->s_root) {
|
||||
/* initial superblock/root creation */
|
||||
s->s_flags = flags;
|
||||
|
||||
nfs4_fill_super(s);
|
||||
} else {
|
||||
nfs_free_server(server);
|
||||
}
|
||||
|
||||
mntroot = nfs4_get_root(s, &mntfh);
|
||||
|
@ -19,6 +19,7 @@ struct nfs_client {
|
||||
#define NFS_CS_RPCIOD 0 /* - rpciod started */
|
||||
#define NFS_CS_CALLBACK 1 /* - callback started */
|
||||
#define NFS_CS_IDMAP 2 /* - idmap started */
|
||||
#define NFS_CS_RENEWD 3 /* - renewd started */
|
||||
struct sockaddr_in cl_addr; /* server identifier */
|
||||
char * cl_hostname; /* hostname of server */
|
||||
struct list_head cl_share_link; /* link in global client list */
|
||||
|
Loading…
Reference in New Issue
Block a user