[PATCH] v9fs: fix fd_close
author Eric Van Hensbergen <ericvh@gmail.com>
Sun, 8 Jan 2006 09:04:56 +0000 (01:04 -0800)
committer Linus Torvalds <torvalds@g5.osdl.org>
Mon, 9 Jan 2006 04:14:05 +0000 (20:14 -0800)
If a 9pfs server crashes, v9fs_fd_close() is called.  Subsequently, in
cleaning up by performing a umount() on the FS that was provided by this
server, v9fs_fd_close() is called again, and uses the old, freed value of
trans->priv.  This patch ensures that trans->priv can be freed only once,
otherwise this function bails early.

Signed-off-by: Michal Ostrowski <mostrows@watson.ibm.com>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
fs/9p/trans_fd.c

index 63b58ce98ff45cbc4c1f19eb668b8fb61f18b706..b7ffb98595881f31f0c40cb7b6d519ee3050c3ed 100644 (file)
@@ -148,12 +148,12 @@ static void v9fs_fd_close(struct v9fs_transport *trans)
        if (!trans)
                return;
 
-       trans->status = Disconnected;
-       ts = trans->priv;
+       ts = xchg(&trans->priv, NULL);
 
        if (!ts)
                return;
 
+       trans->status = Disconnected;
        if (ts->in_file)
                fput(ts->in_file);
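Review bot: the `ts = xchg(&trans->priv, NULL);` line carries no comment explaining that the atomic take-and-clear is what makes a second v9fs_fd_close() (server crash followed by umount) hit the `if (!ts) return;` path instead of reusing a stale pointer; a one-line comment above it would keep someone from later "simplifying" it back to a plain load. Separately, `trans->status = Disconnected;` now sits below the `if (!ts)` early return, so a transport whose priv is already NULL on entry leaves this function with its status unchanged, where the old code always marked it Disconnected. If that is intentional, say so in the commit message; otherwise keep the status assignment ahead of the early return. Note also that the xchg only guards this function's own access: any other path that reads trans->priv into a local before the swap still holds the old ts, so it is worth confirming that the remaining users of trans->priv in trans_fd.c check for NULL and cannot run concurrently with close.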