On Mon, Aug 02, 2010 at 10:36:20AM -0400, Jeff Layton wrote:
> nevermind...that patch will probably fix this panic, but there's another
> possible one in nfsd_init_socks. We'll have to fix that one too.
(After private conversation with Jeff): something like this?
Compile-tested only.
--b.
commit 86d0cc3b91315c475c1c38ee7a06b5ebe5c01755
Author: J. Bruce Fields <bfields@xxxxxxxxxx>
Date: Mon Aug 2 14:12:44 2010 -0400
nfsd: fix startup/shutdown order bug
We must create the server before we can call init_socks or check the
number of threads.
Symptoms were a NULL pointer dereference in nfsd_svc(). Problem
identified by Jeff Layton.
Reported-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx>
diff --git a/fs/nfsd/nfssvc.c b/fs/nfsd/nfssvc.c
index 92173bd..1de1cb3 100644
--- a/fs/nfsd/nfssvc.c
+++ b/fs/nfsd/nfssvc.c
@@ -432,29 +432,30 @@ nfsd_svc(unsigned short port, int nrservs)
if (nrservs == 0 && nfsd_serv == NULL)
goto out;
+ error = nfsd_create_serv();
+ if (error)
+ goto out;
+
first_thread = (nfsd_serv->sv_nrthreads == 0) && (nrservs != 0);
if (first_thread) {
error = nfsd_startup(port, nrservs);
if (error)
- goto out;
+ goto out_destroy;
}
- error = nfsd_create_serv();
- if (error)
- goto out_shutdown;
error = svc_set_num_threads(nfsd_serv, NULL, nrservs);
if (error)
- goto out_destroy;
+ goto out_shutdown;
/* We are holding a reference to nfsd_serv which
* we don't want to count in the return value,
* so subtract 1
*/
error = nfsd_serv->sv_nrthreads - 1;
-out_destroy:
- svc_destroy(nfsd_serv); /* Release server */
out_shutdown:
if (error < 0 && first_thread)
nfsd_shutdown();
+out_destroy:
+ svc_destroy(nfsd_serv); /* Release server */
out:
mutex_unlock(&nfsd_mutex);
return error;
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
