SUNRPC: Fix validity issues with rpc_pipefs sb->s_fs_info
authorTrond Myklebust <Trond.Myklebust@netapp.com>
Thu, 8 Nov 2012 15:01:26 +0000 (10:01 -0500)
committerTrond Myklebust <Trond.Myklebust@netapp.com>
Thu, 8 Nov 2012 19:53:28 +0000 (14:53 -0500)
rpc_kill_sb() must defer calling put_net() until after the notifier
has been called, since most (all?) of the notifier callbacks assume
that sb->s_fs_info points to a valid net namespace. It also must not
call put_net() if the call to rpc_fill_super was unsuccessful.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=48421

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Stanislav Kinsbursky <skinsbursky@parallels.com>
Cc: stable@vger.kernel.org [>= v3.4]
net/sunrpc/rpc_pipe.c

index 80f5dd23417d92c932be96225b8c65723774aa40..e659def7774295794511679c75440ae971216bbf 100644 (file)
@@ -1152,14 +1152,19 @@ static void rpc_kill_sb(struct super_block *sb)
        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
 
        mutex_lock(&sn->pipefs_sb_lock);
+       if (sn->pipefs_sb != sb) {
+               mutex_unlock(&sn->pipefs_sb_lock);
+               goto out;
+       }
        sn->pipefs_sb = NULL;
        mutex_unlock(&sn->pipefs_sb_lock);
-       put_net(net);
        dprintk("RPC:       sending pipefs UMOUNT notification for net %p%s\n",
                net, NET_NAME(net));
        blocking_notifier_call_chain(&rpc_pipefs_notifier_list,
                                           RPC_PIPEFS_UMOUNT,
                                           sb);
+       put_net(net);
+out:
        kill_litter_super(sb);
 }