Commit 31f7aa65 authored by J. Bruce Fields's avatar J. Bruce Fields

svcrpc: modifying valid sunrpc cache entries is racy

Once a sunrpc cache entry is VALID, we should be replacing it (and
allowing any concurrent users to destroy it on last put) instead of
trying to update it in place.

Otherwise someone referencing the ip_map we're modifying here could try
to use the m_client just as we're putting the last reference.

The bug should only be seen by users of the legacy nfsd interfaces.

(Thanks to Neil for suggestion to use sunrpc_invalidate.)
Reviewed-by: default avatarNeilBrown <neilb@suse.de>
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent 22b6dee8
...@@ -401,8 +401,7 @@ struct auth_domain *auth_unix_lookup(struct net *net, struct in6_addr *addr) ...@@ -401,8 +401,7 @@ struct auth_domain *auth_unix_lookup(struct net *net, struct in6_addr *addr)
return NULL; return NULL;
if ((ipm->m_client->addr_changes - ipm->m_add_change) >0) { if ((ipm->m_client->addr_changes - ipm->m_add_change) >0) {
if (test_and_set_bit(CACHE_NEGATIVE, &ipm->h.flags) == 0) sunrpc_invalidate(&ipm->h, sn->ip_map_cache);
auth_domain_put(&ipm->m_client->h);
rv = NULL; rv = NULL;
} else { } else {
rv = &ipm->m_client->h; rv = &ipm->m_client->h;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment