提交 a4ee8d97 编写于 作者: T Trond Myklebust

LOCKD: fix races in nsm_client_get

Commit e9406db2 (lockd: per-net
NSM client creation and destruction helpers introduced) contains
a nasty race on initialisation of the per-net NSM client because
it doesn't check whether or not the client is set after grabbing
the nsm_create_mutex.
Reported-by: NNix <nix@esperi.org.uk>
Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
Cc: stable@vger.kernel.org
上级 f878b657
...@@ -85,29 +85,38 @@ static struct rpc_clnt *nsm_create(struct net *net) ...@@ -85,29 +85,38 @@ static struct rpc_clnt *nsm_create(struct net *net)
return rpc_create(&args); return rpc_create(&args);
} }
static struct rpc_clnt *nsm_client_set(struct lockd_net *ln,
struct rpc_clnt *clnt)
{
spin_lock(&ln->nsm_clnt_lock);
if (ln->nsm_users == 0) {
if (clnt == NULL)
goto out;
ln->nsm_clnt = clnt;
}
clnt = ln->nsm_clnt;
ln->nsm_users++;
out:
spin_unlock(&ln->nsm_clnt_lock);
return clnt;
}
static struct rpc_clnt *nsm_client_get(struct net *net) static struct rpc_clnt *nsm_client_get(struct net *net)
{ {
static DEFINE_MUTEX(nsm_create_mutex); struct rpc_clnt *clnt, *new;
struct rpc_clnt *clnt;
struct lockd_net *ln = net_generic(net, lockd_net_id); struct lockd_net *ln = net_generic(net, lockd_net_id);
spin_lock(&ln->nsm_clnt_lock); clnt = nsm_client_set(ln, NULL);
if (ln->nsm_users) { if (clnt != NULL)
ln->nsm_users++;
clnt = ln->nsm_clnt;
spin_unlock(&ln->nsm_clnt_lock);
goto out; goto out;
}
spin_unlock(&ln->nsm_clnt_lock);
mutex_lock(&nsm_create_mutex); clnt = new = nsm_create(net);
clnt = nsm_create(net); if (IS_ERR(clnt))
if (!IS_ERR(clnt)) { goto out;
ln->nsm_clnt = clnt;
smp_wmb(); clnt = nsm_client_set(ln, new);
ln->nsm_users = 1; if (clnt != new)
} rpc_shutdown_client(new);
mutex_unlock(&nsm_create_mutex);
out: out:
return clnt; return clnt;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册