[PATCH] knfsd: Fix two problems that can cause rmmod nfsd to die
NeilBrown [Tue, 23 May 2006 05:35:25 +0000 (22:35 -0700)]
Both cause the 'entries' count in the export cache to be non-zero at module
removal time, so unregistering that cache fails and results in an oops.

1/ exp_pseudoroot (used for NFSv4 only) leaks a reference to an export
   entry.
2/ sunrpc_cache_update doesn't increment the entries count when it adds
   an entry.

Thanks to "david m.  richter" <richterd@citi.umich.edu> for triggering the
problem and finding one of the bugs.

Cc: "david m. richter" <richterd@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

fs/nfsd/export.c
net/sunrpc/cache.c

index 4e05781..3eec300 100644 (file)
@@ -1066,9 +1066,11 @@ exp_pseudoroot(struct auth_domain *clp, struct svc_fh *fhp,
                rv = nfserr_perm;
        else if (IS_ERR(exp))
                rv = nfserrno(PTR_ERR(exp));
-       else
+       else {
                rv = fh_compose(fhp, exp,
                                fsid_key->ek_dentry, NULL);
+               exp_put(exp);
+       }
        cache_put(&fsid_key->h, &svc_expkey_cache);
        return rv;
 }
index 3ac4193..7026b08 100644 (file)
@@ -159,6 +159,7 @@ struct cache_head *sunrpc_cache_update(struct cache_detail *detail,
                detail->update(tmp, new);
        tmp->next = *head;
        *head = tmp;
+       detail->entries++;
        cache_get(tmp);
        is_new = cache_fresh_locked(tmp, new->expiry_time);
        cache_fresh_locked(old, 0);