From 28356a1679006b110215596e057f304ef3083922 Mon Sep 17 00:00:00 2001 From: Steve French Date: Wed, 23 May 2007 14:45:36 +0000 Subject: [PATCH] [CIFS] Fix oops on failed cifs mount (in kthread_stop) If the cifs demultiplex thread wakes up and exits (zeroing server->tsk) before kthread_stop is called, the cifs_mount code could pass a null pointer to kthread_stop Thanks to akpm, Dave Young and Shaggy for suggesting earlier versions of this patch. CC: akpm@linux-foundatior.org Signed-off-by: Dave Young Signed-off-by: Dave Kleikamp Signed-off-by: Steve French --- fs/cifs/connect.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 216fb625843f..f6963d183c53 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c @@ -2069,8 +2069,15 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, srvTcp->tcpStatus = CifsExiting; spin_unlock(&GlobalMid_Lock); if (srvTcp->tsk) { + struct task_struct *tsk; + /* If we could verify that kthread_stop would + always wake up processes blocked in + tcp in recv_mesg then we could remove the + send_sig call */ send_sig(SIGKILL,srvTcp->tsk,1); - kthread_stop(srvTcp->tsk); + tsk = srvTcp->tsk; + if(tsk) + kthread_stop(srvTcp->tsk); } } /* If find_unc succeeded then rc == 0 so we can not end */ @@ -2085,8 +2092,11 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, /* if the socketUseCount is now zero */ if ((temp_rc == -ESHUTDOWN) && (pSesInfo->server) && (pSesInfo->server->tsk)) { + struct task_struct *tsk; send_sig(SIGKILL,pSesInfo->server->tsk,1); - kthread_stop(pSesInfo->server->tsk); + tsk = pSesInfo->server->tsk; + if(tsk) + kthread_stop(tsk); } } else cFYI(1, ("No session or bad tcon"));