SUNRPC: Fix validity issues with rpc_pipefs sb->s_fs_info
Trond Myklebust [Thu, 8 Nov 2012 15:01:26 +0000 (10:01 -0500)]
commit 642fe4d00db56d65060ce2fd4c105884414acb16 upstream.

rpc_kill_sb() must defer calling put_net() until after the notifier
has been called, since most (all?) of the notifier callbacks assume
that sb->s_fs_info points to a valid net namespace. It also must not
call put_net() if the call to rpc_fill_super was unsuccessful.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=48421

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Stanislav Kinsbursky <skinsbursky@parallels.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

net/sunrpc/rpc_pipe.c

index faa078f..b8bda44 100644 (file)
@@ -1157,14 +1157,19 @@ static void rpc_kill_sb(struct super_block *sb)
        struct sunrpc_net *sn = net_generic(net, sunrpc_net_id);
 
        mutex_lock(&sn->pipefs_sb_lock);
+       if (sn->pipefs_sb != sb) {
+               mutex_unlock(&sn->pipefs_sb_lock);
+               goto out;
+       }
        sn->pipefs_sb = NULL;
        mutex_unlock(&sn->pipefs_sb_lock);
-       put_net(net);
        dprintk("RPC:   sending pipefs UMOUNT notification for net %p%s\n", net,
                                                                NET_NAME(net));
        blocking_notifier_call_chain(&rpc_pipefs_notifier_list,
                                           RPC_PIPEFS_UMOUNT,
                                           sb);
+       put_net(net);
+out:
        kill_litter_super(sb);
 }