Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2467183pxb; Mon, 18 Jan 2021 20:10:44 -0800 (PST) X-Google-Smtp-Source: ABdhPJwH48dTHcnkTdLDfbL3p5MRE1s993HYp0CorAIMwZFufTNhVeUjfyDe56fRYvVY/04HQndY X-Received: by 2002:a05:6402:50ca:: with SMTP id h10mr1855232edb.181.1611029444779; Mon, 18 Jan 2021 20:10:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611029444; cv=none; d=google.com; s=arc-20160816; b=KEOEXtDLq0vGXuml+07fsmxgokdgass6CGDOKFItEd0yCSQFfV18dUJ8p6vwGDYbYX kLw5L7HeQR1vEJEXFFO5G6RLX79Lmtz4w5l5h2eih3lSgOO+w9bSmV94Ietg5ezzrjC5 lvgHYNLoYf6kh9GnD2oqUNK32ajYBi0uw4HFW7E7rQ3a8XmN8xG8WkGqXHfhpHRaEywK mDYv4xUsJiQzOaPvLAV5b7pr4JXt7QnKDPyoG6UeCwlycsi2U9mB79yXE13Sx9wp4xYM OLlIe3H5DZFzYOGY5gLdu+B2lnlKQy+kFP5AztyN+pNALFYJ4eUj+T6wZp0Nyd6NCG9T pEFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=NxIPbPGMCAFZFe6zBC4pcnaorqJ5clddbf6K9V/UbNE=; b=b3U/3XHTRLRC3QwGXXzNJNy8XrqbWPsThR1PUwlHzzIS5lG7kteJJTvRiTr/bVHKyf Wyia1EVyNzf374A7lJEsZgO2sI4B+oimWKjDaDfGGp9U6xz/D7FvsEzmJbMmTFmvJqZE w7LpU0PT4MRW1zuTPNar3O/dCB5LGKrA+Wh7m3ubmvgA6fy7ZXYuIpKRUbX4UpGtBNFp uKM/OxcONFbtZ2Sv29STafeNVPgaKKl16WqoRogp0/UER8nmwo84byFsP1tDFlyJdy1N NLbByiTtxtWNRs+G+vX7gn4E+VPz5O2Kj2fKLEpRmVxHCu9hEQNMyUh0dGbJJAQdTLiZ 2Wcg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=UArGULIY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h12si42352edv.277.2021.01.18.20.10.20; Mon, 18 Jan 2021 20:10:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=UArGULIY; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390916AbhARM2c (ORCPT + 99 others); Mon, 18 Jan 2021 07:28:32 -0500 Received: from mail.kernel.org ([198.145.29.99]:39226 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390846AbhARLpv (ORCPT ); Mon, 18 Jan 2021 06:45:51 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id AF88C22D70; Mon, 18 Jan 2021 11:45:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1610970319; bh=Zgk/19i1yMlq4oz+1uWUniWM+GHBsARsGPeYHZlzWAI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=UArGULIYhKd3EtDFlPVWoFQghGR2diheLiXWDZlv7ejIn509A1JregSx35C96NNqy 1Knyzmlu82KTMORR/dLupAjr4fGkz/IMg+HDH/ZRUqxv/l7ztCe8t4VGjUSvrhSu+6 XJx2ZWktZqZWRjgZ5lpPJuJERYap0HnKDCxJcMVY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Trond Myklebust Subject: [PATCH 5.10 129/152] NFS: nfs_delegation_find_inode_server must first reference the superblock Date: Mon, 18 Jan 2021 12:35:04 +0100 Message-Id: <20210118113358.906826201@linuxfoundation.org> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210118113352.764293297@linuxfoundation.org> References: <20210118113352.764293297@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Trond Myklebust commit 113aac6d567bda783af36d08f73bfda47d8e9a40 upstream. Before referencing the inode, we must ensure that the superblock can be referenced. Otherwise, we can end up with iput() calling superblock operations that are no longer valid or accessible. Fixes: e39d8a186ed0 ("NFSv4: Fix an Oops during delegation callbacks") Signed-off-by: Trond Myklebust Signed-off-by: Greg Kroah-Hartman --- fs/nfs/delegation.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) --- a/fs/nfs/delegation.c +++ b/fs/nfs/delegation.c @@ -1011,22 +1011,24 @@ nfs_delegation_find_inode_server(struct const struct nfs_fh *fhandle) { struct nfs_delegation *delegation; - struct inode *freeme, *res = NULL; + struct super_block *freeme = NULL; + struct inode *res = NULL; list_for_each_entry_rcu(delegation, &server->delegations, super_list) { spin_lock(&delegation->lock); if (delegation->inode != NULL && !test_bit(NFS_DELEGATION_REVOKED, &delegation->flags) && nfs_compare_fh(fhandle, &NFS_I(delegation->inode)->fh) == 0) { - freeme = igrab(delegation->inode); - if (freeme && nfs_sb_active(freeme->i_sb)) - res = freeme; + if (nfs_sb_active(server->super)) { + freeme = server->super; + res = igrab(delegation->inode); + } spin_unlock(&delegation->lock); if (res != NULL) return res; if (freeme) { rcu_read_unlock(); - iput(freeme); + nfs_sb_deactive(freeme); rcu_read_lock(); } return ERR_PTR(-EAGAIN);