diff mbox series

[1/1] NFSD: fix dest to src mount in inter-server COPY

Message ID 20210309144114.57778-1-olga.kornievskaia@gmail.com (mailing list archive)
State New
Headers show
Series [1/1] NFSD: fix dest to src mount in inter-server COPY | expand

Commit Message

Olga Kornievskaia March 9, 2021, 2:41 p.m. UTC
From: Olga Kornievskaia <kolga@netapp.com>

A cleanup of the inter SSC copy needs to call fput() of the source
file handle to make sure that file structure is freed as well as
drop the reference on the superblock to unmount the source server.

Fixes: 36e1e5ba90fb ("NFSD: Fix use-after-free warning when doing inter-server copy")
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
---
 fs/nfsd/nfs4proc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Dai Ngo March 9, 2021, 6:21 p.m. UTC | #1
On 3/9/21 6:41 AM, Olga Kornievskaia wrote:

> From: Olga Kornievskaia <kolga@netapp.com>
>
> A cleanup of the inter SSC copy needs to call fput() of the source
> file handle to make sure that file structure is freed as well as
> drop the reference on the superblock to unmount the source server.

Thanks Olga, I tested the patch and verified that the source was
unmounted and the file resources were released properly.

Tested-by: Dai Ngo <dai.ngo@oracle.com>

>
> Fixes: 36e1e5ba90fb ("NFSD: Fix use-after-free warning when doing inter-server copy")
> Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
> ---
>   fs/nfsd/nfs4proc.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
> index 8d6d2678abad..3581ce737e85 100644
> --- a/fs/nfsd/nfs4proc.c
> +++ b/fs/nfsd/nfs4proc.c
> @@ -1304,7 +1304,7 @@ nfsd4_cleanup_inter_ssc(struct vfsmount *ss_mnt, struct nfsd_file *src,
>   			struct nfsd_file *dst)
>   {
>   	nfs42_ssc_close(src->nf_file);
> -	/* 'src' is freed by nfsd4_do_async_copy */
> +	fput(src->nf_file);
>   	nfsd_file_put(dst);
>   	mntput(ss_mnt);
>   }
Chuck Lever III March 10, 2021, 3:54 p.m. UTC | #2
> On Mar 9, 2021, at 1:21 PM, Dai Ngo <dai.ngo@oracle.com> wrote:
> 
> On 3/9/21 6:41 AM, Olga Kornievskaia wrote:
> 
>> From: Olga Kornievskaia <kolga@netapp.com>
>> 
>> A cleanup of the inter SSC copy needs to call fput() of the source
>> file handle to make sure that file structure is freed as well as
>> drop the reference on the superblock to unmount the source server.
> 
> Thanks Olga, I tested the patch and verified that the source was
> unmounted and the file resources were released properly.
> 
> Tested-by: Dai Ngo <dai.ngo@oracle.com>

Thanks to you both! This has been added to the for-rc topic branch
in:

git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git

replacing Dai's earlier patch addressing the same issue.


>> Fixes: 36e1e5ba90fb ("NFSD: Fix use-after-free warning when doing inter-server copy")
>> Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
>> ---
>>  fs/nfsd/nfs4proc.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
>> index 8d6d2678abad..3581ce737e85 100644
>> --- a/fs/nfsd/nfs4proc.c
>> +++ b/fs/nfsd/nfs4proc.c
>> @@ -1304,7 +1304,7 @@ nfsd4_cleanup_inter_ssc(struct vfsmount *ss_mnt, struct nfsd_file *src,
>>  			struct nfsd_file *dst)
>>  {
>>  	nfs42_ssc_close(src->nf_file);
>> -	/* 'src' is freed by nfsd4_do_async_copy */
>> +	fput(src->nf_file);
>>  	nfsd_file_put(dst);
>>  	mntput(ss_mnt);
>>  }

--
Chuck Lever
diff mbox series

Patch

diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 8d6d2678abad..3581ce737e85 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1304,7 +1304,7 @@  nfsd4_cleanup_inter_ssc(struct vfsmount *ss_mnt, struct nfsd_file *src,
 			struct nfsd_file *dst)
 {
 	nfs42_ssc_close(src->nf_file);
-	/* 'src' is freed by nfsd4_do_async_copy */
+	fput(src->nf_file);
 	nfsd_file_put(dst);
 	mntput(ss_mnt);
 }