diff options
author | Steve Dickson <steved@redhat.com> | 2014-09-18 15:13:17 +0200 |
---|---|---|
committer | Trond Myklebust <trond.myklebust@primarydata.com> | 2014-09-18 19:04:21 +0200 |
commit | 080af20cc945d110f9912d01cf6b66f94a375b8d (patch) | |
tree | cd54ec58f700903855505a200834bf51761bd4b8 /fs/splice.c | |
parent | NFS: remove BUG possibility in nfs4_open_and_get_state (diff) | |
download | linux-080af20cc945d110f9912d01cf6b66f94a375b8d.tar.xz linux-080af20cc945d110f9912d01cf6b66f94a375b8d.zip |
NFSv4: nfs4_state_manager() vs. nfs_server_remove_lists()
There is a race between nfs4_state_manager() and
nfs_server_remove_lists() that happens during a nfsv3 mount.
The v3 mount notices there is already a supper block so
nfs_server_remove_lists() called which uses the nfs_client_lock
spin lock to synchronize access to the client list.
At the same time nfs4_state_manager() is running through
the client list looking for work to do, using the same
lock. When nfs4_state_manager() wins the race to the
list, a v3 client pointer is found and not ignored
properly which causes the panic.
Moving some protocol checks before the state checking
avoids the panic.
CC: Stable Tree <stable@vger.kernel.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Diffstat (limited to 'fs/splice.c')
0 files changed, 0 insertions, 0 deletions