Commit cba9ba4b authored by J. Bruce Fields's avatar J. Bruce Fields

nfsd4: fix delegation recall race use-after-free

When the rarely-used callback-connection-changing setclientid occurs
simultaneously with a delegation recall, we rerun the recall by
requeueing it on a workqueue.  But we also need to take a reference on
the delegation in that case, since the delegation held by the rpc itself
will be released by the rpc_release callback.
Signed-off-by: default avatarJ. Bruce Fields <bfields@citi.umich.edu>
parent ac94bf58
...@@ -689,6 +689,7 @@ static void nfsd4_cb_recall_done(struct rpc_task *task, void *calldata) ...@@ -689,6 +689,7 @@ static void nfsd4_cb_recall_done(struct rpc_task *task, void *calldata)
warn_no_callback_path(clp, task->tk_status); warn_no_callback_path(clp, task->tk_status);
if (current_rpc_client != task->tk_client) { if (current_rpc_client != task->tk_client) {
/* queue a callback on the new connection: */ /* queue a callback on the new connection: */
atomic_inc(&dp->dl_count);
nfsd4_cb_recall(dp); nfsd4_cb_recall(dp);
return; return;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment