> On Mar 9, 2021, at 1:21 PM, Dai Ngo <dai.ngo@xxxxxxxxxx> wrote:
>
> On 3/9/21 6:41 AM, Olga Kornievskaia wrote:
>
>> From: Olga Kornievskaia <kolga@xxxxxxxxxx>
>>
>> A cleanup of the inter SSC copy needs to call fput() of the source
>> file handle to make sure that file structure is freed as well as
>> drop the reference on the superblock to unmount the source server.
>
> Thanks Olga, I tested the patch and verified that the source was
> unmounted and the file resources were released properly.
>
> Tested-by: Dai Ngo <dai.ngo@xxxxxxxxxx>

Thanks to you both!

This has been added to the for-rc topic branch in:

git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux.git

replacing Dai's earlier patch addressing the same issue.

>> Fixes: 36e1e5ba90fb ("NFSD: Fix use-after-free warning when doing inter-server copy")
>> Signed-off-by: Olga Kornievskaia <kolga@xxxxxxxxxx>
>> ---
>> fs/nfsd/nfs4proc.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c >> index 8d6d2678abad..3581ce737e85 100644 >> --- a/fs/nfsd/nfs4proc.c >> +++ b/fs/nfsd/nfs4proc.c >> @@ -1304,7 +1304,7 @@ nfsd4_cleanup_inter_ssc(struct vfsmount *ss_mnt, struct nfsd_file *src, >> struct nfsd_file *dst) >> { >> nfs42_ssc_close(src->nf_file); >> - /* 'src' is freed by nfsd4_do_async_copy */ >> + fput(src->nf_file); >> nfsd_file_put(dst); >> mntput(ss_mnt); >> }

-- Chuck Lever
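Review bot: The comment deleted at the new fput() line in nfsd4_cleanup_inter_ssc() was the only statement of who owns 'src', and the hunk leaves that undocumented. With fput(src->nf_file) added, this function now drops the file reference itself, but the visible lines do not say whether nfsd4_do_async_copy still frees the 'src' structure or where the reference being dropped here was taken. Suggest replacing the comment rather than removing it: state that fput() releases the source file reference (and, per the commit message, the superblock reference that keeps the source server mounted), and that 'src' must still be valid when this cleanup runs, since both nfs42_ssc_close() and fput() dereference src->nf_file. Because the Fixes: tag points at a use-after-free fix, one sentence in the commit message on why this fput() cannot put the file a second time would help the next reader.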