Al Viro c1b967d03c nfs: fix UAF on pathwalk running into umount
NFS ->d_revalidate(), ->permission() and ->get_link() need to access
some parts of nfs_server when called in RCU mode:
	server->flags
	server->caps
	*(server->io_stats)
and, worst of all, call
	server->nfs_client->rpc_ops->have_delegation
(the last one - as NFS_PROTO(inode)->have_delegation()).  We really
don't want to RCU-delay the entire nfs_free_server() (it would have
to be done with schedule_work() from RCU callback, since it can't
be made to run from interrupt context), but actual freeing of
nfs_server and ->io_stats can be done via call_rcu() just fine.
nfs_client part is handled simply by making nfs_free_client() use
kfree_rcu().

Acked-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2024-02-25 02:10:32 -05:00
..
2024-01-10 16:13:57 -08:00
2024-01-10 16:13:57 -08:00
2023-03-06 09:57:12 +01:00
2023-03-06 09:57:12 +01:00
2023-11-08 13:39:16 -08:00
2023-10-09 16:24:20 +02:00
2023-11-08 13:39:16 -08:00
2023-08-19 10:26:29 -04:00
2024-01-10 16:13:57 -08:00