git.ipfire.org Git - thirdparty/kernel/linux.git/commit
NFS: Use nlmclnt_shutdown_rpc_clnt() to safely shut down NLM
author Chuck Lever <chuck.lever@oracle.com>
Wed, 28 Jan 2026 15:19:27 +0000 (10:19 -0500)
committer Chuck Lever <chuck.lever@oracle.com>
Mon, 30 Mar 2026 01:25:09 +0000 (21:25 -0400)
commit 840621fd2ff23ada8b9262d90477e75232566e6b
tree ddfbbfa7f5d7f374a5dc61de0bbb96ae00f5de2b
parent efb5b15e3b78f5644dd2d4ddec8880e0c9aa5b5f

A race condition exists in shutdown_store() when writing to the sysfs
"shutdown" file concurrently with nlm_shutdown_hosts_net(). Without
synchronization, the following sequence can occur:

  1. shutdown_store() reads server->nlm_host (non-NULL)
  2. nlm_shutdown_hosts_net() acquires nlm_host_mutex, calls
     rpc_shutdown_client(), sets h_rpcclnt to NULL, and potentially
     frees the host via nlm_gc_hosts()
  3. shutdown_store() dereferences the now-stale or freed host

Introduce nlmclnt_shutdown_rpc_clnt(), which acquires nlm_host_mutex
before accessing h_rpcclnt. This synchronizes with
nlm_shutdown_hosts_net() and ensures the rpc_clnt pointer remains
valid during the shutdown operation.

This change also improves API layering: NFS client code no longer
needs to include the internal lockd header to access nlm_host fields.
The new helper resides in bind.h alongside other public lockd
interfaces.

Reported-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
fs/lockd/host.c
fs/nfs/sysfs.c
include/linux/lockd/bind.h
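
The locking rule the commit message describes, as an added user-space model that is not kernel code and not part of this commit: both paths take one mutex before testing the client pointer, so a use can never land after the teardown. All `model_*` names are hypothetical, and the host object itself is assumed to stay allocated for the duration.

```c
/* User-space model of the locking rule; every name here is hypothetical. */
#include <pthread.h>
#include <stdlib.h>
struct model_clnt { int uses; };            /* stands in for the rpc_clnt */
struct model_host { struct model_clnt *rpcclnt; int uses_at_teardown; };
static pthread_mutex_t model_host_mutex = PTHREAD_MUTEX_INITIALIZER;

/* Teardown side: record, free and clear the client while holding the mutex. */
static void *model_teardown(void *arg)
{
    struct model_host *h = arg;
    pthread_mutex_lock(&model_host_mutex);
    if (h->rpcclnt) {
        h->uses_at_teardown = h->rpcclnt->uses;
        free(h->rpcclnt);
        h->rpcclnt = NULL;
    }
    pthread_mutex_unlock(&model_host_mutex);
    return NULL;
}

/* Helper side: same mutex, then test and use. Returns 1 if the client was live. */
static int model_shutdown_rpc_clnt(struct model_host *h)
{
    int used = 0;
    pthread_mutex_lock(&model_host_mutex);
    if (h->rpcclnt) {
        h->rpcclnt->uses++;
        used = 1;
    }
    pthread_mutex_unlock(&model_host_mutex);
    return used;
}

/* Race both sides; count rounds in which a use landed after the teardown. */
static int model_race(int rounds)
{
    int bad = 0;
    for (int i = 0; i < rounds; i++) {
        struct model_host h = { calloc(1, sizeof(struct model_clnt)), 0 };
        pthread_t t;
        if (pthread_create(&t, NULL, model_teardown, &h)) { free(h.rpcclnt); return -1; }
        int used = model_shutdown_rpc_clnt(&h);
        pthread_join(t, NULL);
        bad += (used != h.uses_at_teardown) || (h.rpcclnt != NULL);
    }
    return bad;
}
int main(void) { return model_race(1000) != 0; }
```

Build with `-pthread`; a nonzero exit status means some round saw a use that the teardown did not account for.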