Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3396325pxf;
        Mon, 22 Mar 2021 05:36:17 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyy8U9Nn7ylGireTW6CrfOiKxbNjvWl6SXYVsxPdXYU/I65lF5SGBp8bY8+IJz2UAeJghp8
X-Received: by 2002:a17:906:a0d4:: with SMTP id bh20mr19042666ejb.348.1616416576942;
        Mon, 22 Mar 2021 05:36:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1616416576; cv=none;
        d=google.com; s=arc-20160816;
        b=MBLdRDWGhuIQlMAqbD4FbhLME5fiaqG1F14p1Fstn+EC+ffVwO17JlcUh3wNwY262u
         oUfqrUnV2+i+upXvmXd4N91719DwcZUE56wxF9OZvem6nheB4PLTNvqogKLCX0nPwhHy
         Lx3Yx3OKbJvqhwfxP8icN8kltg9buXLkJEiXc8ahIPBzrOE5O/SdfT45NU3j4XCjLsnE
         UBLt984xuS+Zl63As9fo8ml6ChXkKPEkp2qR4kT7cIuErn06cQ2gZPtIGj4HPKK+zmn4
         LVx7dRyTf7oT1u29EwqAiAQJbsL2pCkjLocZU/mrTnDunRJjEzBYSmYSPg9PvfJXFwDB
         /wfg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=3nzxTCj6ky9MvCl+cL1eA6fejtasuUvbUcPwTBihjB8=;
        b=hrh5T3O17Css9YO/lE0MlINmJLw4iSlubv0pI01/8jExmCvJqlpNQY3QAISIHNZlwA
         w7AgWbeIfMrDHJj+uJTpQa7cf73NUoWbbAbQotBv0V+crS0WSwsSWP6wgQpZp5rJ18XD
         9vdDO1tmksH9cres5CAbEt4xmFHvAPohyfsp4fj7QAcxSbMuUtP3eGiZNda5xGbgLd+1
         +f/QotIg9hCsvjo/4DGhjgCd1k76CDDuQMeiybpeUTNIun5dYZySTY3tswT9GosOodVG
         S0uczTPhHQXeacAfVYNyoN+hAI5HxnuSukfsMSFL++32WhjuIGnXpkP2ch3S+YAmq56L
         WpgA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Lnuxnovv;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id l23si10844822ejq.537.2021.03.22.05.35.54;
        Mon, 22 Mar 2021 05:36:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Lnuxnovv;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229987AbhCVMdB (ORCPT <rfc822;macmurkernel@gmail.com>
        + 99 others); Mon, 22 Mar 2021 08:33:01 -0400
Received: from mail.kernel.org ([198.145.29.99]:53874 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S231340AbhCVMbZ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 22 Mar 2021 08:31:25 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 1F2CC61992;
        Mon, 22 Mar 2021 12:31:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1616416284;
        bh=6GFbRAZsPl//1pDmXBHQ+vZWCPBlRNlZ5dVRuKzJEZE=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=Lnuxnovv/ek5u9IuFKNuh/bTzGyEaP8KVWxZDz6zm0J4nRhzH+IywjvBFlypmnFtZ
         IqkBZVzKyjXg0CWyCwH1cwsG/K5fsIMZukfzKV11hFmnLGCv6xyQZvYowBn0NwrckB
         3KPqi5ie5To6f9bVRTv5Bq7BhWBaXMsDTIHw+aTo=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Olga Kornievskaia <kolga@netapp.com>,
        Chuck Lever <chuck.lever@oracle.com>,
        Dai Ngo <dai.ngo@oracle.com>
Subject: [PATCH 5.11 049/120] NFSD: fix dest to src mount in inter-server COPY
Date:   Mon, 22 Mar 2021 13:27:12 +0100
Message-Id: <20210322121931.314446867@linuxfoundation.org>
X-Mailer: git-send-email 2.31.0
In-Reply-To: <20210322121929.669628946@linuxfoundation.org>
References: <20210322121929.669628946@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Olga Kornievskaia <kolga@netapp.com>

commit 614c9750173e412663728215152cc6d12bcb3425 upstream.

A cleanup of the inter SSC copy needs to call fput() of the source
file handle to make sure that file structure is freed as well as
drop the reference on the superblock to unmount the source server.

Fixes: 36e1e5ba90fb ("NFSD: Fix use-after-free warning when doing inter-server copy")
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Tested-by: Dai Ngo <dai.ngo@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/nfsd/nfs4proc.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1304,7 +1304,7 @@ nfsd4_cleanup_inter_ssc(struct vfsmount
 			struct nfsd_file *dst)
 {
 	nfs42_ssc_close(src->nf_file);
-	/* 'src' is freed by nfsd4_do_async_copy */
+	fput(src->nf_file);
 	nfsd_file_put(dst);
 	mntput(ss_mnt);
 }