[3.8.y.z extended stable] Patch "NFS: Fix a delegation callback race" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Fri Mar 28 00:53:55 UTC 2014 

This is a note to let you know that I have just added a patch titled

    NFS: Fix a delegation callback race

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.21.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From 08b3cf4bcdb57891802b0b389a165ec5fb08cc61 Mon Sep 17 00:00:00 2001
From: Trond Myklebust <trond.myklebust at primarydata.com>
Date: Sun, 2 Mar 2014 22:03:12 -0500
Subject: NFS: Fix a delegation callback race

commit 755a48a7a4eb05b9c8424e3017d947b2961a60e0 upstream.

The clean-up in commit 36281caa839f ended up removing a NULL pointer check
that is needed in order to prevent an Oops in
nfs_async_inode_return_delegation().

Reported-by: "Yan, Zheng" <zheng.z.yan at intel.com>
Link: http://lkml.kernel.org/r/5313E9F6.2020405@intel.com
Fixes: 36281caa839f (NFSv4: Further clean-ups of delegation stateid validation)
Signed-off-by: Trond Myklebust <trond.myklebust at primarydata.com>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 fs/nfs/delegation.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/fs/nfs/delegation.c b/fs/nfs/delegation.c
index 81c5eec..dc1fc44 100644
--- a/fs/nfs/delegation.c
+++ b/fs/nfs/delegation.c
@@ -547,16 +547,19 @@ int nfs_async_inode_return_delegation(struct inode *inode,

 	rcu_read_lock();
 	delegation = rcu_dereference(NFS_I(inode)->delegation);
+	if (delegation == NULL)
+		goto out_enoent;

-	if (!clp->cl_mvops->match_stateid(&delegation->stateid, stateid)) {
-		rcu_read_unlock();
-		return -ENOENT;
-	}
+	if (!clp->cl_mvops->match_stateid(&delegation->stateid, stateid))
+		goto out_enoent;
 	nfs_mark_return_delegation(server, delegation);
 	rcu_read_unlock();

 	nfs_delegation_run_state_manager(clp);
 	return 0;
+out_enoent:
+	rcu_read_unlock();
+	return -ENOENT;
 }

 static struct inode *
--
1.8.3.2

More information about the kernel-team mailing list