aboutsummaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorStanislav Kinsbursky <skinsbursky@parallels.com>2012-07-03 16:46:41 +0400
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2012-10-02 10:30:38 -0700
commitc717dcaf750cd0a43609d8c2016a380e542b28ed (patch)
tree8438f55fa48beb3c7ea276d03d8daa0f8f599127 /fs
parent6a4ebdb6be2ac2ad0e03ca9131573a1f0eadd7d5 (diff)
NFSd: set nfsd_serv to NULL after service destruction
commit 57c8b13e3cd0f94944c9691ce7f58e5fcef8a12d upstream. In nfsd_destroy(): if (destroy) svc_shutdown_net(nfsd_serv, net); svc_destroy(nfsd_server); svc_shutdown_net(nfsd_serv, net) calls nfsd_last_thread(), which sets nfsd_serv to NULL, causing a NULL dereference on the following line. Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/nfsd/nfsd.h2
-rw-r--r--fs/nfsd/nfssvc.c10
2 files changed, 7 insertions, 5 deletions
diff --git a/fs/nfsd/nfsd.h b/fs/nfsd/nfsd.h
index e3339ca2b65..1336a6512cd 100644
--- a/fs/nfsd/nfsd.h
+++ b/fs/nfsd/nfsd.h
@@ -80,6 +80,8 @@ static inline void nfsd_destroy(struct net *net)
if (destroy)
svc_shutdown_net(nfsd_serv, net);
svc_destroy(nfsd_serv);
+ if (destroy)
+ nfsd_serv = NULL;
}
#if defined(CONFIG_NFSD_V2_ACL) || defined(CONFIG_NFSD_V3_ACL)
diff --git a/fs/nfsd/nfssvc.c b/fs/nfsd/nfssvc.c
index a7042fc1b09..b6f8e65f85b 100644
--- a/fs/nfsd/nfssvc.c
+++ b/fs/nfsd/nfssvc.c
@@ -254,8 +254,6 @@ static void nfsd_shutdown(void)
static void nfsd_last_thread(struct svc_serv *serv, struct net *net)
{
- /* When last nfsd thread exits we need to do some clean-up */
- nfsd_serv = NULL;
nfsd_shutdown();
svc_rpcb_cleanup(serv, net);
@@ -332,6 +330,7 @@ static int nfsd_get_default_max_blksize(void)
int nfsd_create_serv(void)
{
int error;
+ struct net *net = current->nsproxy->net_ns;
WARN_ON(!mutex_is_locked(&nfsd_mutex));
if (nfsd_serv) {
@@ -346,7 +345,7 @@ int nfsd_create_serv(void)
if (nfsd_serv == NULL)
return -ENOMEM;
- error = svc_bind(nfsd_serv, current->nsproxy->net_ns);
+ error = svc_bind(nfsd_serv, net);
if (error < 0) {
svc_destroy(nfsd_serv);
return error;
@@ -557,12 +556,13 @@ nfsd(void *vrqstp)
nfsdstats.th_cnt --;
out:
- if (rqstp->rq_server->sv_nrthreads == 1)
- svc_shutdown_net(rqstp->rq_server, &init_net);
+ rqstp->rq_server = NULL;
/* Release the thread */
svc_exit_thread(rqstp);
+ nfsd_destroy(&init_net);
+
/* Release module */
mutex_unlock(&nfsd_mutex);
module_put_and_exit(0);