Commit 774f8bbd authored by J. Bruce Fields's avatar J. Bruce Fields

nfsd: fix startup/shutdown order bug

We must create the server before we can call init_socks or check the
number of threads.

Symptoms were a NULL pointer dereference in nfsd_svc().  Problem
identified by Jeff Layton.

Also fix a minor cleanup-on-error case in nfsd_startup().
Reported-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent 039a87ca
...@@ -204,6 +204,9 @@ static bool nfsd_up = false; ...@@ -204,6 +204,9 @@ static bool nfsd_up = false;
static int nfsd_startup(unsigned short port, int nrservs) static int nfsd_startup(unsigned short port, int nrservs)
{ {
int ret; int ret;
if (nfsd_up)
return 0;
/* /*
* Readahead param cache - will no-op if it already exists. * Readahead param cache - will no-op if it already exists.
* (Note therefore results will be suboptimal if number of * (Note therefore results will be suboptimal if number of
...@@ -217,7 +220,7 @@ static int nfsd_startup(unsigned short port, int nrservs) ...@@ -217,7 +220,7 @@ static int nfsd_startup(unsigned short port, int nrservs)
goto out_racache; goto out_racache;
ret = lockd_up(); ret = lockd_up();
if (ret) if (ret)
return ret; goto out_racache;
ret = nfs4_state_start(); ret = nfs4_state_start();
if (ret) if (ret)
goto out_lockd; goto out_lockd;
...@@ -420,7 +423,7 @@ int ...@@ -420,7 +423,7 @@ int
nfsd_svc(unsigned short port, int nrservs) nfsd_svc(unsigned short port, int nrservs)
{ {
int error; int error;
bool first_thread; bool nfsd_up_before;
mutex_lock(&nfsd_mutex); mutex_lock(&nfsd_mutex);
dprintk("nfsd: creating service\n"); dprintk("nfsd: creating service\n");
...@@ -432,29 +435,28 @@ nfsd_svc(unsigned short port, int nrservs) ...@@ -432,29 +435,28 @@ nfsd_svc(unsigned short port, int nrservs)
if (nrservs == 0 && nfsd_serv == NULL) if (nrservs == 0 && nfsd_serv == NULL)
goto out; goto out;
first_thread = (nfsd_serv->sv_nrthreads == 0) && (nrservs != 0); error = nfsd_create_serv();
if (first_thread) {
error = nfsd_startup(port, nrservs);
if (error) if (error)
goto out; goto out;
}
error = nfsd_create_serv(); nfsd_up_before = nfsd_up;
error = nfsd_startup(port, nrservs);
if (error) if (error)
goto out_shutdown; goto out_destroy;
error = svc_set_num_threads(nfsd_serv, NULL, nrservs); error = svc_set_num_threads(nfsd_serv, NULL, nrservs);
if (error) if (error)
goto out_destroy; goto out_shutdown;
/* We are holding a reference to nfsd_serv which /* We are holding a reference to nfsd_serv which
* we don't want to count in the return value, * we don't want to count in the return value,
* so subtract 1 * so subtract 1
*/ */
error = nfsd_serv->sv_nrthreads - 1; error = nfsd_serv->sv_nrthreads - 1;
out_destroy:
svc_destroy(nfsd_serv); /* Release server */
out_shutdown: out_shutdown:
if (error < 0 && first_thread) if (error < 0 && !nfsd_up_before)
nfsd_shutdown(); nfsd_shutdown();
out_destroy:
svc_destroy(nfsd_serv); /* Release server */
out: out:
mutex_unlock(&nfsd_mutex); mutex_unlock(&nfsd_mutex);
return error; return error;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment