svcrpc: modifying valid sunrpc cache entries is racy

Once a sunrpc cache entry is VALID, we should be replacing it (and allowing any concurrent users to destroy it on last put) instead of trying to update it in place. Otherwise someone referencing the ip_map we're modifying here could try to use the m_client just as we're putting the last reference. The bug should only be seen by users of the legacy nfsd interfaces. (Thanks to Neil for suggestion to use sunrpc_invalidate.) Reviewed-by: NeilBrown <neilb@suse.de> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
author: J. Bruce Fields <bfields@redhat.com> 2010-12-24 14:03:38 -0500
committer: J. Bruce Fields <bfields@redhat.com> 2011-01-04 16:47:29 -0500
commit: 31f7aa65f536995c6d933c57230919ae408952a5 (patch)
tree: 61b9620af68d846b70a1b256d29c2a0b91febef0 /net/sunrpc
parent: 22b6dee842c6341b49bc09cc5728eb2f8f2b3766 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/net/sunrpc/svcauth_unix.c b/net/sunrpc/svcauth_unix.c
index a04ac9193d59..59a7c524a8b1 100644
--- a/net/sunrpc/svcauth_unix.c
+++ b/net/sunrpc/svcauth_unix.c
@@ -401,8 +401,7 @@ struct auth_domain *auth_unix_lookup(struct net *net, struct in6_addr *addr)
 		return NULL;
 
 	if ((ipm->m_client->addr_changes - ipm->m_add_change) >0) {
-		if (test_and_set_bit(CACHE_NEGATIVE, &ipm->h.flags) == 0)
-			auth_domain_put(&ipm->m_client->h);
+		sunrpc_invalidate(&ipm->h, sn->ip_map_cache);
 		rv = NULL;
 	} else {
 		rv = &ipm->m_client->h;
author	J. Bruce Fields <bfields@redhat.com>	2010-12-24 14:03:38 -0500
committer	J. Bruce Fields <bfields@redhat.com>	2011-01-04 16:47:29 -0500
commit	31f7aa65f536995c6d933c57230919ae408952a5 (patch)
tree	61b9620af68d846b70a1b256d29c2a0b91febef0 /net/sunrpc
parent	22b6dee842c6341b49bc09cc5728eb2f8f2b3766 (diff)