From: Eric Van Hensbergen Date: Sun, 8 Jan 2006 09:04:56 +0000 (-0800) Subject: [PATCH] v9fs: fix fd_close X-Git-Tag: firefly_0821_release~39447 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=f5ef3c105bee3a52486d7b55cef3330fcde9bca6;p=firefly-linux-kernel-4.4.55.git [PATCH] v9fs: fix fd_close If a 9pfs server crashes, v9fs_fd_close() is called. Subsequently, in cleaning up by performing a umount() on the FS that was provided by this server v9fs_fd_close() is called again, and uses the old, freed valus of trans->priv. This patch ensures that trans->priv can be freed only once, otherwise this function bails early. Signed-off-by: Michal Ostrowski Signed-off-by: Eric Van Hensbergen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/fs/9p/trans_fd.c b/fs/9p/trans_fd.c index 63b58ce98ff4..b7ffb9859588 100644 --- a/fs/9p/trans_fd.c +++ b/fs/9p/trans_fd.c @@ -148,12 +148,12 @@ static void v9fs_fd_close(struct v9fs_transport *trans) if (!trans) return; - trans->status = Disconnected; - ts = trans->priv; + ts = xchg(&trans->priv, NULL); if (!ts) return; + trans->status = Disconnected; if (ts->in_file) fput(ts->in_file);