[CIFS] Fix oops on failed cifs mount (in kthread_stop)

If the cifs demultiplex thread wakes up and exits (zeroing server->tsk) before kthread_stop is called, the cifs_mount code could pass a null pointer to kthread_stop Thanks to akpm, Dave Young and Shaggy for suggesting earlier versions of this patch. CC: akpm@linux-foundatior.org Signed-off-by: Dave Young <hidave.darkstar@gmail.com> Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
2007-05-23 14:45:36 +00:00 · 2007-05-23 14:45:36 +00:00 · 28356a1679
commit 28356a1679
parent ad9ddd66c6
1 changed files with 12 additions and 2 deletions
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@ -2069,8 +2069,15 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
 			srvTcp->tcpStatus = CifsExiting;
 			spin_unlock(&GlobalMid_Lock);
 			if (srvTcp->tsk) {
+				struct task_struct *tsk;
+				/* If we could verify that kthread_stop would
+				   always wake up processes blocked in
+				   tcp in recv_mesg then we could remove the
+				   send_sig call */
 				send_sig(SIGKILL,srvTcp->tsk,1);
-				kthread_stop(srvTcp->tsk);
+				tsk = srvTcp->tsk;
+				if(tsk)
+					kthread_stop(srvTcp->tsk);
 			}
 		}
 		 /* If find_unc succeeded then rc == 0 so we can not end */
@ -2085,8 +2092,11 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
 					/* if the socketUseCount is now zero */
 					if ((temp_rc == -ESHUTDOWN) &&
 					   (pSesInfo->server) && (pSesInfo->server->tsk)) {
+						struct task_struct *tsk;
 						send_sig(SIGKILL,pSesInfo->server->tsk,1);
-						kthread_stop(pSesInfo->server->tsk);
+						tsk = pSesInfo->server->tsk;
+						if(tsk)
+							kthread_stop(tsk);
 					}
 				} else
 					cFYI(1, ("No session or bad tcon"));