SUNRPC: Fix potential race in put_rpccred()

We have to be careful when we try to unhash the credential in put_rpccred(), because we're not holding the credcache lock, so the call to rpcauth_unhash_cred() may fail if someone else has looked the cred up, and obtained a reference to it. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

SUNRPC: Fix potential race in put_rpccred()
We have to be careful when we try to unhash the credential in put_rpccred(), because we're not holding the credcache lock, so the call to rpcauth_unhash_cred() may fail if someone else has looked the cred up, and obtained a reference to it. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Trond Myklebust
1 parent eac0d18d44
Showing 1 changed file with 1 additions and 1 deletions Side-by-side Diff
net/sunrpc/auth.c
@@ -455,7 +455,7 @@
 	}
 	if (test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
 		rpcauth_unhash_cred(cred);
-	else if (test_bit(RPCAUTH_CRED_HASHED, &cred->cr_flags) != 0) {
+	if (test_bit(RPCAUTH_CRED_HASHED, &cred->cr_flags) != 0) {
 		cred->cr_expire = jiffies;
 		list_add_tail(&cred->cr_lru, &cred_unused);
 		number_cred_unused++;
...	...	@@ -455,7 +455,7 @@
455	455	}
456	456	if (test_bit(RPCAUTH_CRED_UPTODATE, &cred->cr_flags) == 0)
457	457	rpcauth_unhash_cred(cred);
458		- else if (test_bit(RPCAUTH_CRED_HASHED, &cred->cr_flags) != 0) {
	458	+ if (test_bit(RPCAUTH_CRED_HASHED, &cred->cr_flags) != 0) {
459	459	cred->cr_expire = jiffies;
460	460	list_add_tail(&cred->cr_lru, &cred_unused);
461	461	number_cred_unused++;