NeilBrown
authored
If the last NFSv3 unmount from a given host races with a mount from the same host, we can destroy an nlm_host that is still in use. Specifically nlmclnt_lookup_host() can increment h_count on an nlm_host that nlmclnt_release_host() has just successfully called refcount_dec_and_test() on. Once nlmclnt_lookup_host() drops the mutex, nlm_destroy_host_lock() will be called to destroy the nlmclnt which is now in use again. The cause of the problem is that the dec_and_test happens outside the locked region. This is easily fixed by using refcount_dec_and_mutex_lock(). Fixes: 8ea6ecc8 ("lockd: Create client-side nlm_host cache") Cc: stable@vger.kernel.org (v2.6.38+) Signed-off-by:NeilBrown <neilb@suse.com> Signed-off-by:
Trond Myklebust <trond.myklebust@hammerspace.com>
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
| Name | Last commit | Last update |
|---|---|---|
| .. | ||
| Makefile | ||
| clnt4xdr.c | ||
| clntlock.c | ||
| clntproc.c | ||
| clntxdr.c | ||
| host.c | ||
| mon.c | ||
| netns.h | ||
| procfs.c | ||
| procfs.h | ||
| svc.c | ||
| svc4proc.c | ||
| svclock.c | ||
| svcproc.c | ||
| svcshare.c | ||
| svcsubs.c | ||
| xdr.c | ||
| xdr4.c | ||