Skip to content

Commit 415a85c

Browse files
vaveringregkh
authored andcommitted
lockd: lost rollback of set_grace_period() in lockd_down_net()
commit 3a2b19d upstream. Commit efda760 ("lockd: fix lockd shutdown race") is incorrect, it removes lockd_manager and disarm grace_period_end for init_net only. If nfsd was started from another net namespace lockd_up_net() calls set_grace_period() that adds lockd_manager into per-netns list and queues grace_period_end delayed work. These action should be reverted in lockd_down_net(). Otherwise it can lead to double list_add on after restart nfsd in netns, and to use-after-free if non-disarmed delayed work will be executed after netns destroy. Fixes: efda760 ("lockd: fix lockd shutdown race") Cc: [email protected] Signed-off-by: Vasily Averin <[email protected]> Signed-off-by: J. Bruce Fields <[email protected]> Cc: Ben Hutchings <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
1 parent ee551b8 commit 415a85c

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

fs/lockd/svc.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -271,6 +271,8 @@ static void lockd_down_net(struct svc_serv *serv, struct net *net)
271271
if (ln->nlmsvc_users) {
272272
if (--ln->nlmsvc_users == 0) {
273273
nlm_shutdown_hosts_net(net);
274+
cancel_delayed_work_sync(&ln->grace_period_end);
275+
locks_end_grace(&ln->lockd_manager);
274276
svc_shutdown_net(serv, net);
275277
dprintk("lockd_down_net: per-net data destroyed; net=%p\n", net);
276278
}

0 commit comments

Comments
 (0)