Commit e9cc6c23 authored by Trond Myklebust's avatar Trond Myklebust

NFS: Fix a possible Oops in fs/nfs/super.c

Sigh... commit 4584f520 (NFS: Fix NFS
mountpoint crossing...) had a slight flaw: server can be NULL if sget()
returned an existing superblock.

Fix the fix by dereferencing s->s_fs_info.

Thanks to Coverity/Adrian Bunk and Frank Filz for spotting the bug.
(See http://bugzilla.kernel.org/show_bug.cgi?id=9647)

Also add in the same namespace Oops fix for NFSv4 in both the mountpoint
crossing case, and the referral case.
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent b8c9a187
...@@ -1475,7 +1475,7 @@ static int nfs_xdev_get_sb(struct file_system_type *fs_type, int flags, ...@@ -1475,7 +1475,7 @@ static int nfs_xdev_get_sb(struct file_system_type *fs_type, int flags,
error = PTR_ERR(mntroot); error = PTR_ERR(mntroot);
goto error_splat_super; goto error_splat_super;
} }
if (mntroot->d_inode->i_op != server->nfs_client->rpc_ops->dir_inode_ops) { if (mntroot->d_inode->i_op != NFS_SB(s)->nfs_client->rpc_ops->dir_inode_ops) {
dput(mntroot); dput(mntroot);
error = -ESTALE; error = -ESTALE;
goto error_splat_super; goto error_splat_super;
...@@ -1826,6 +1826,11 @@ static int nfs4_xdev_get_sb(struct file_system_type *fs_type, int flags, ...@@ -1826,6 +1826,11 @@ static int nfs4_xdev_get_sb(struct file_system_type *fs_type, int flags,
error = PTR_ERR(mntroot); error = PTR_ERR(mntroot);
goto error_splat_super; goto error_splat_super;
} }
if (mntroot->d_inode->i_op != NFS_SB(s)->nfs_client->rpc_ops->dir_inode_ops) {
dput(mntroot);
error = -ESTALE;
goto error_splat_super;
}
s->s_flags |= MS_ACTIVE; s->s_flags |= MS_ACTIVE;
mnt->mnt_sb = s; mnt->mnt_sb = s;
...@@ -1900,6 +1905,11 @@ static int nfs4_referral_get_sb(struct file_system_type *fs_type, int flags, ...@@ -1900,6 +1905,11 @@ static int nfs4_referral_get_sb(struct file_system_type *fs_type, int flags,
error = PTR_ERR(mntroot); error = PTR_ERR(mntroot);
goto error_splat_super; goto error_splat_super;
} }
if (mntroot->d_inode->i_op != NFS_SB(s)->nfs_client->rpc_ops->dir_inode_ops) {
dput(mntroot);
error = -ESTALE;
goto error_splat_super;
}
s->s_flags |= MS_ACTIVE; s->s_flags |= MS_ACTIVE;
mnt->mnt_sb = s; mnt->mnt_sb = s;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment