Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2538500imu; Thu, 29 Nov 2018 06:35:05 -0800 (PST) X-Google-Smtp-Source: AFSGD/Vg+HppbfWTmveWn2FzhBAkwVgr+iZPlJrp3t2LudOSC5KEcTWjTL5i3c0WS85p51wM2TPb X-Received: by 2002:a63:6302:: with SMTP id x2mr1413283pgb.183.1543502105726; Thu, 29 Nov 2018 06:35:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543502105; cv=none; d=google.com; s=arc-20160816; b=NdVUGRPLJYRweC0S8M0c/AXA9bQYkwn4XcaecIKw3hZX2Gdtw5W+7v24HXUHyAsv7w JKCpifv3hdMJeQtn1jArgP3DAtN3jgQye14Jcx1dDXX3D9iwndv5jYl7ph+grh9Edxoh 7KmfCuL/wZHcYdqG8XH6vtwRLIYAyW/V5uoDAZhGisVsT04juGfC6ntBqYKNmnZPczyU XV2Vw5H7nwFv7bJt76+9j8xYHtCAVhSmW90AdxO62Y+yMIT/7wjBXi8RY4gx9TxVsAqB F5/rYmVs3MSZTOQNE9A8b31B45qKf3sXRCdfhwRYjFYrAAKd/g7npE8ZwYbry10tIsBl uq3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=kAhaGVtZ0t6ASYv5lc7N/sgTKywqXzrW6YtTqVAKzu8=; b=i6/307rlyWL3CHKYtIGC6Uml0+2U+Civ0A/I1+RAYW9S3CfTfkDyA1S9avWmMs9Ht3 WQuJf90h//KhNBaMEgURm7gvBfr1y/tuYjZice+0mbeQWmwAjhs6etCdc/IgMt2u1jy/ +oz/CBip3Nvmh3dXpHGgxHgLfGgCvWbsBE+rf6F+pfjolQ7jq8uDRdP9YCXbUn3KVvYd IbCEtKe0eoXXsbfZZbUk5q/KYEe5If3j9SSUrc5Nln2STAfQPWsWUsZrDOX7/AUFcJ6J sASfYfvNFdO846g+7Jhnwz3tmZ8DuN0lDoCaCs8O8ZGdZce/tRt5qqCJBvOY1Vf1CUSH xhsQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=cBZmk6C2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t74si1960543pgc.150.2018.11.29.06.34.51; Thu, 29 Nov 2018 06:35:05 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=cBZmk6C2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389521AbeK3BiK (ORCPT + 99 others); Thu, 29 Nov 2018 20:38:10 -0500 Received: from mail.kernel.org ([198.145.29.99]:41502 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729157AbeK3BiI (ORCPT ); Thu, 29 Nov 2018 20:38:08 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E0DE1213A2; Thu, 29 Nov 2018 14:32:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1543501955; bh=HAzIvAm1Iy/O6N57Sj87DvaUEc7m5o7sL70gI59bZhQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cBZmk6C2mT4wQOQ7oCbdK2k3/IsmtdTmjsKgWZG1NCl+9XSVLB7MnWsko1iP7kA7l B5T5Y7YMkvAdfg8csW95a1RqFIbCX3bnch/cAxPYkYv1OHGHkjuFBbQ3OlkrW/f6jg sb5OykurZz5ljSwvuDvsvCbJpF7imPRKp3x9I8vM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Trond Myklebust , Sasha Levin Subject: [PATCH 4.19 092/110] NFSv4: Fix an Oops during delegation callbacks Date: Thu, 29 Nov 2018 15:13:03 +0100 Message-Id: <20181129135924.971468147@linuxfoundation.org> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20181129135921.231283053@linuxfoundation.org> References: <20181129135921.231283053@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.19-stable review patch. If anyone has any objections, please let me know. ------------------ [ Upstream commit e39d8a186ed002854196668cb7562ffdfbc6d379 ] If the server sends a CB_GETATTR or a CB_RECALL while the filesystem is being unmounted, then we can Oops when releasing the inode in nfs4_callback_getattr() and nfs4_callback_recall(). Signed-off-by: Trond Myklebust Signed-off-by: Sasha Levin --- fs/nfs/callback_proc.c | 4 ++-- fs/nfs/delegation.c | 11 +++++++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/fs/nfs/callback_proc.c b/fs/nfs/callback_proc.c index fa515d5ea5ba..7b861bbc0b43 100644 --- a/fs/nfs/callback_proc.c +++ b/fs/nfs/callback_proc.c @@ -66,7 +66,7 @@ __be32 nfs4_callback_getattr(void *argp, void *resp, out_iput: rcu_read_unlock(); trace_nfs4_cb_getattr(cps->clp, &args->fh, inode, -ntohl(res->status)); - iput(inode); + nfs_iput_and_deactive(inode); out: dprintk("%s: exit with status = %d\n", __func__, ntohl(res->status)); return res->status; @@ -108,7 +108,7 @@ __be32 nfs4_callback_recall(void *argp, void *resp, } trace_nfs4_cb_recall(cps->clp, &args->fh, inode, &args->stateid, -ntohl(res)); - iput(inode); + nfs_iput_and_deactive(inode); out: dprintk("%s: exit with status = %d\n", __func__, ntohl(res)); return res; diff --git a/fs/nfs/delegation.c b/fs/nfs/delegation.c index f033f3a69a3b..75fe92eaa681 100644 --- a/fs/nfs/delegation.c +++ b/fs/nfs/delegation.c @@ -849,16 +849,23 @@ nfs_delegation_find_inode_server(struct nfs_server *server, const struct nfs_fh *fhandle) { struct nfs_delegation *delegation; - struct inode *res = NULL; + struct inode *freeme, *res = NULL; list_for_each_entry_rcu(delegation, &server->delegations, super_list) { spin_lock(&delegation->lock); if (delegation->inode != NULL && nfs_compare_fh(fhandle, &NFS_I(delegation->inode)->fh) == 0) { - res = igrab(delegation->inode); + freeme = igrab(delegation->inode); + if (freeme && nfs_sb_active(freeme->i_sb)) + res = freeme; spin_unlock(&delegation->lock); if (res != NULL) return res; + if (freeme) { + rcu_read_unlock(); + iput(freeme); + rcu_read_lock(); + } return ERR_PTR(-EAGAIN); } spin_unlock(&delegation->lock); -- 2.17.1