git: kernel - Fix nfs server-side shutdown race

Matthew Dillon dillon at crater.dragonflybsd.org
Sun Jun 29 11:12:28 PDT 2014


commit d33df46a67e8da799a4323092d4f626b4522b1ac
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Sun Jun 29 11:08:05 2014 -0700

    kernel - Fix nfs server-side shutdown race
    
    * Fix issues where slp->ns_so is being accessed during or after the socket
      has been zapped.  The zap code actually closes the fp and destroys the
      socket so this race results in a use-after-free and can cause a panic
      on the NFS server.
    
    * Zapping now shuts the socket down but does not close/destroy it.  The
      socket will be destroyed when the last ref on slp (aka nfssvc_sock)
      is dropped.
    
    * Re-check SLP_VALID in a few more places after potentially blocking.
      Other situations that might block are handled by the change in the
      zap code.

Summary of changes:
 sys/vfs/nfs/nfs_syscalls.c | 92 ++++++++++++++++++++++++++++++++--------------
 1 file changed, 64 insertions(+), 28 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/d33df46a67e8da799a4323092d4f626b4522b1ac


-- 
DragonFly BSD source repository


More information about the Commits mailing list