Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3402769pxf;
        Mon, 22 Mar 2021 05:46:10 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxN6D+rxM7LyKhS2JuJkYIx5p15SAX8KnBJ8wM2QTaqr+zdZIn2HYirl1smormiiSq/k24N
X-Received: by 2002:a05:6402:1691:: with SMTP id a17mr25534805edv.336.1616417065216;
        Mon, 22 Mar 2021 05:44:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1616417065; cv=none;
        d=google.com; s=arc-20160816;
        b=Ts7C8huOauvz/sHAiBD7P9CLrGsu+yMoI9BrNN7BxeZkQe0Lkicea0dRw1wFUy3H5V
         oU625aWIOOq05bDhqnppbgSncKifLsQQImved9tfcmYVIWNv9o6dOzjY+o8/2wLlVpwX
         t1G8sTYw13XLT2d2enJYHu+U8TvKpHTX7Jy/ALbLvycWN3dGFaGkjcRPClr5kOMbAEdO
         CSNUGDs0n2LY5pmVm+q20hBBHfItBOi3aM7FkZpFAB9xfGSlMfB9rRDNyvkY/QrLFG7W
         L3R8sXQd0UbSmKHfTFhHwWbVNGOwg2mFGU3bPH5gbgW6J5l9hKDiRDyXgaJcyJY4w8ey
         rfYA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=5TzI5Aty+jfHdWh/WcBbhVynvULBWldY6BUmHF96cak=;
        b=nrNFjPCKC1OrqCRZuaBcRIC9dM9lqJrev97F/f7kpgULz9M2/ki0uzsoa7W3vdRpab
         WR1y0DO0OxnVmSmjtGicPiVMcOClftpsoVfBxqOZbjce8hTmJxutjElUGhkM090G/HHT
         GaCddUyYiGZciHjELQx904JT7IKZq4aFssNY5KB3lmnbImvcf6Q2nFapXFctBgUNIEKX
         Fjiq1dhiZQqRhHo3+zCzd3pTkPWP2dWo1z+TudnBplW2fOuaUD9JG26ZU0C6r31yhrkK
         laaVKVHLz/QgqmHIEGcST67ndA9sKog9gEJgkARZm8JBSU9zFyj27jVjh22vCBuklEf1
         V4iw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=uGGDwqhe;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id d21si11062774ejw.331.2021.03.22.05.44.02;
        Mon, 22 Mar 2021 05:44:25 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=uGGDwqhe;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232516AbhCVMmq (ORCPT <rfc822;macmurkernel@gmail.com>
        + 99 others); Mon, 22 Mar 2021 08:42:46 -0400
Received: from mail.kernel.org ([198.145.29.99]:55578 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S231626AbhCVMg5 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 22 Mar 2021 08:36:57 -0400
Received: by mail.kernel.org (Postfix) with ESMTPSA id 4CADF619A6;
        Mon, 22 Mar 2021 12:36:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1616416586;
        bh=4OicLWHw75keUaihh6fGQqkS59D1DgzrKVDkdcazLPg=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=uGGDwqhePAUkg+A7/3gkQApx6FSlJxG5n++kWb3Eem2GaA8tqgGcv4GFCqMnFLvSG
         jeUTRFuT9DMqbzr1wv7uYKCSL9/s8LrtERuQOeoV0/NP6yvDIBNr2MEYyoGf4rInC1
         4L/KWvLokKbo1DHAZ7G5aH0k25dgHXRSNMx6OsuY=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Olga Kornievskaia <kolga@netapp.com>,
        Chuck Lever <chuck.lever@oracle.com>,
        Dai Ngo <dai.ngo@oracle.com>
Subject: [PATCH 5.10 044/157] NFSD: fix dest to src mount in inter-server COPY
Date:   Mon, 22 Mar 2021 13:26:41 +0100
Message-Id: <20210322121935.146886657@linuxfoundation.org>
X-Mailer: git-send-email 2.31.0
In-Reply-To: <20210322121933.746237845@linuxfoundation.org>
References: <20210322121933.746237845@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Olga Kornievskaia <kolga@netapp.com>

commit 614c9750173e412663728215152cc6d12bcb3425 upstream.

A cleanup of the inter SSC copy needs to call fput() of the source
file handle to make sure that file structure is freed as well as
drop the reference on the superblock to unmount the source server.

Fixes: 36e1e5ba90fb ("NFSD: Fix use-after-free warning when doing inter-server copy")
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Tested-by: Dai Ngo <dai.ngo@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/nfsd/nfs4proc.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1299,7 +1299,7 @@ nfsd4_cleanup_inter_ssc(struct vfsmount
 			struct nfsd_file *dst)
 {
 	nfs42_ssc_close(src->nf_file);
-	/* 'src' is freed by nfsd4_do_async_copy */
+	fput(src->nf_file);
 	nfsd_file_put(dst);
 	mntput(ss_mnt);
 }