[CIFS] Fix oops on failed cifs mount (in kthread_stop)
authorSteve French <sfrench@us.ibm.com>
Wed, 23 May 2007 14:45:36 +0000 (14:45 +0000)
committerSteve French <sfrench@us.ibm.com>
Wed, 23 May 2007 14:45:36 +0000 (14:45 +0000)
If the cifs demultiplex thread wakes up and exits
(zeroing server->tsk) before kthread_stop is called, the
cifs_mount code could pass a NULL pointer to kthread_stop.

Thanks to akpm, Dave Young and Shaggy for suggesting
earlier versions of this patch.

CC: akpm@linux-foundatior.org
Signed-off-by: Dave Young <hidave.darkstar@gmail.com>
Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
fs/cifs/connect.c

index 216fb625843f4b29feb6011e8fe71a14f223a996..f6963d183c536b2e4644c6f4d4283c7ecdf070b3 100644 (file)
@@ -2069,8 +2069,15 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
                        srvTcp->tcpStatus = CifsExiting;
                        spin_unlock(&GlobalMid_Lock);
                        if (srvTcp->tsk) {
+                               struct task_struct *tsk;
+                               /* If we could verify that kthread_stop would
+                                  always wake up processes blocked in
+                                  tcp in recv_mesg then we could remove the
+                                  send_sig call */
                                send_sig(SIGKILL,srvTcp->tsk,1);
-                               kthread_stop(srvTcp->tsk);
+                               tsk = srvTcp->tsk;
+                               if(tsk)
+                                       kthread_stop(srvTcp->tsk);
                        }
                }
                 /* If find_unc succeeded then rc == 0 so we can not end */
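Review bot: The added guard tests the local snapshot but then calls `kthread_stop(srvTcp->tsk)`, which reads the field a second time, so the demultiplex thread can still zero it between the `if(tsk)` test and the call. The call should use the snapshot, `kthread_stop(tsk);`, as the second hunk already does. The new comment would also read more clearly as "blocked in tcp recvmsg", if that is the call it refers to. cifs_mount starts and ends outside this hunk, so the thread's exit path is not visible here.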
@@ -2085,8 +2092,11 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
                                        /* if the socketUseCount is now zero */
                                        if ((temp_rc == -ESHUTDOWN) &&
                                           (pSesInfo->server) && (pSesInfo->server->tsk)) {
+                                               struct task_struct *tsk;
                                                send_sig(SIGKILL,pSesInfo->server->tsk,1);
-                                               kthread_stop(pSesInfo->server->tsk);
+                                               tsk = pSesInfo->server->tsk;
+                                               if(tsk)
+                                                       kthread_stop(tsk);
                                        }
                                } else
                                        cFYI(1, ("No session or bad tcon"));
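Review bot: `send_sig(SIGKILL,pSesInfo->server->tsk,1)` still reads the field before the snapshot is taken, so the signal can be sent through a pointer that was already zeroed after the outer condition was checked; the first hunk has the same ordering with `srvTcp->tsk`. Taking the snapshot first and using it for both calls keeps them consistent: `tsk = pSesInfo->server->tsk;` then `if (tsk) { send_sig(SIGKILL, tsk, 1); kthread_stop(tsk); }`. Even then, the snapshot only narrows the window. If the thread can exit and drop its task_struct on its own, a reference or lock would presumably be needed to keep `tsk` valid across `kthread_stop`, which cannot be confirmed from the lines shown. A short comment explaining why the field is copied to a local would help the next reader.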