NFSv4.1: Fix a race in set_pnfs_layoutdriver
The call to try_module_get() dereferences ld_type outside the spin locks, which means that it may be pointing to garbage if a module unload was in progress. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
parent
2a4c8994ee
commit
0a9c63fae7
|
@ -70,6 +70,10 @@ find_pnfs_driver(u32 id)
|
|||
|
||||
spin_lock(&pnfs_spinlock);
|
||||
local = find_pnfs_driver_locked(id);
|
||||
if (local != NULL && !try_module_get(local->owner)) {
|
||||
dprintk("%s: Could not grab reference on module\n", __func__);
|
||||
local = NULL;
|
||||
}
|
||||
spin_unlock(&pnfs_spinlock);
|
||||
return local;
|
||||
}
|
||||
|
@ -118,10 +122,6 @@ set_pnfs_layoutdriver(struct nfs_server *server, const struct nfs_fh *mntfh,
|
|||
goto out_no_driver;
|
||||
}
|
||||
}
|
||||
if (!try_module_get(ld_type->owner)) {
|
||||
dprintk("%s: Could not grab reference on module\n", __func__);
|
||||
goto out_no_driver;
|
||||
}
|
||||
server->pnfs_curr_ld = ld_type;
|
||||
if (ld_type->set_layoutdriver
|
||||
&& ld_type->set_layoutdriver(server, mntfh)) {
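Review bot: The new ownership contract of find_pnfs_driver() is undocumented: with try_module_get() moved under pnfs_spinlock in the first hunk, the function now returns a driver whose owner module already has a reference held, and every caller has to drop it with module_put() on any path that does not keep the driver. I would add a comment above the function such as `/* On success the caller holds a reference on ->owner and must module_put() it when done. */`. It also returns NULL both when no driver is registered for the id and when the module is unloading, so a caller cannot tell the two apart; if the code above the second hunk retries the lookup on NULL, it will do so for an unloading module too, which is probably fine but deserves a mention in the same comment. Both function bodies continue outside the visible hunks, so I could not check that set_pnfs_layoutdriver() and any other caller release the reference on every error path.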
|
||||
|
|