From d4a96bec7a7362834ef5c31d7b2cc9bf36eb0570 Mon Sep 17 00:00:00 2001 From: David Howells Date: Thu, 10 May 2018 08:43:04 +0100 Subject: afs: Fix refcounting in callback registration The refcounting on afs_cb_interest struct objects in afs_register_server_cb_interest() is wrong as it uses the server list entry's call back interest pointer without regard for the fact that it might be replaced at any time and the object thrown away. Fix this by: (1) Put a lock on the afs_server_list struct that can be used to mediate access to the callback interest pointers in the servers array. (2) Keep a ref on the callback interest that we get from the entry. (3) Dropping the old reference held by vnode->cb_interest if we replace the pointer. Fixes: c435ee34551e ("afs: Overhaul the callback handling") Signed-off-by: David Howells --- fs/afs/rotate.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'fs/afs/rotate.c') diff --git a/fs/afs/rotate.c b/fs/afs/rotate.c index ac0feac9d746..4a26d51b2968 100644 --- a/fs/afs/rotate.c +++ b/fs/afs/rotate.c @@ -350,8 +350,8 @@ use_server: * break request before we've finished decoding the reply and * installing the vnode. */ - fc->ac.error = afs_register_server_cb_interest( - vnode, &fc->server_list->servers[fc->index]); + fc->ac.error = afs_register_server_cb_interest(vnode, fc->server_list, + fc->index); if (fc->ac.error < 0) goto failed; -- cgit v1.2.3
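Review bot: the comment above the changed call in use_server still explains only the callback-break race and says nothing about the locking the callee now relies on. Since the call passes fc->server_list and fc->index rather than a pointer into servers[], the slot lookup moves into afs_register_server_cb_interest(); it would help to document, at the call or on the function, that the entry is read under the server list lock and that fc->index must be a valid slot in that list. This view is limited to fs/afs/rotate.c, so the lock, the extra ref on the callback interest and the put of the old vnode->cb_interest described in the commit message have to be checked against the rest of the patch, in particular that an error return leading to "goto failed" here leaves the references balanced.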