From: Trond Myklebust <Trond.Myklebust@netapp.com>
Date: Fri, 15 Jun 2012 17:02:58 +0000 (-0400)
Subject: NFSv4.1: Fix a race in set_pnfs_layoutdriver
X-Git-Tag: firefly_0821_release~3680^2~2571^2~3
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=0a9c63fae7df086ff5e107273c3cce8642430974;p=firefly-linux-kernel-4.4.55.git

NFSv4.1: Fix a race in set_pnfs_layoutdriver

The call to try_module_get() dereferences ld_type outside the
spin locks, which means that it may be pointing to garbage if
a module unload was in progress.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
---

diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
index bdf7e52943c8..bbc49caa7a82 100644
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -70,6 +70,10 @@ find_pnfs_driver(u32 id)
 
 	spin_lock(&pnfs_spinlock);
 	local = find_pnfs_driver_locked(id);
+	if (local != NULL && !try_module_get(local->owner)) {
+		dprintk("%s: Could not grab reference on module\n", __func__);
+		local = NULL;
+	}
 	spin_unlock(&pnfs_spinlock);
 	return local;
 }
@@ -118,10 +122,6 @@ set_pnfs_layoutdriver(struct nfs_server *server, const struct nfs_fh *mntfh,
 			goto out_no_driver;
 		}
 	}
-	if (!try_module_get(ld_type->owner)) {
-		dprintk("%s: Could not grab reference on module\n", __func__);
-		goto out_no_driver;
-	}
 	server->pnfs_curr_ld = ld_type;
 	if (ld_type->set_layoutdriver
 	    && ld_type->set_layoutdriver(server, mntfh)) {