    NFSv4: nfs4_state_manager() vs. nfs_server_remove_lists() · 080af20c
    Steve Dickson authored
    There is a race between nfs4_state_manager() and
    nfs_server_remove_lists() that happens during an nfsv3 mount.
    
    The v3 mount notices there is already a super block so
    nfs_server_remove_lists() is called which uses the nfs_client_lock
    spin lock to synchronize access to the client list.
    
    At the same time nfs4_state_manager() is running through
    the client list looking for work to do, using the same
    lock. When nfs4_state_manager() wins the race to the
    list, a v3 client pointer is found and not ignored
    properly which causes the panic.
    
    Moving some protocol checks before the state checking
    avoids the panic.
    
    CC: Stable Tree <stable@vger.kernel.org>
    Signed-off-by: Steve Dickson <steved@redhat.com>
    Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
nfs4client.c 30.8 KB
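
The check ordering described in the commit message, as an added userspace sketch (not the kernel code from this commit). It assumes that v4-only state is absent (NULL) on v3 entries of the shared list; every struct and function name is hypothetical, and locking is left out because the message describes both sides taking the same lock.

```c
#include <stddef.h>

/* Constructed userspace model; every name here is hypothetical. */
struct v4_state { int lease_expired; };
struct client {
    int version;          /* 3 or 4 */
    int ready;            /* stands in for the state being checked */
    struct v4_state *v4;  /* assumption: NULL on non-v4 entries */
    struct client *next;
};

/* State first: a ready v3 entry gets as far as the v4-only data. */
int count_work_state_first(const struct client *head)
{
    int work = 0;
    for (const struct client *c = head; c; c = c->next) {
        if (!c->ready)
            continue;
        if (!c->v4)
            return -1;    /* a real dereference would fault here */
        if (c->version == 4)
            work += c->v4->lease_expired;
    }
    return work;
}

/* Protocol first: entries of another version are skipped untouched. */
int count_work_protocol_first(const struct client *head)
{
    int work = 0;
    for (const struct client *c = head; c; c = c->next) {
        if (c->version != 4 || !c->ready)
            continue;
        work += c->v4->lease_expired;
    }
    return work;
}

/* Constructed list: ready v4, ready v3, v4 still initialising. */
const struct client *sample_list(void)
{
    static struct v4_state expired = { 1 };
    static struct client c[3] = {
        { 4, 1, &expired, &c[1] },
        { 3, 1, NULL, &c[2] },
        { 4, 0, &expired, NULL },
    };
    return c;
}
```

On the constructed list the state-first walker stops at the v3 entry, while the protocol-first walker counts the one ready v4 client and never inspects the v3 entry's state.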