[NFS-Ganesha-Devel] [S] Change in ...nfs-ganesha[next]: [unexport] : NFSv3 stop new IO's when unexport in progress.

deeraj.patil(a)ibm.com has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1232497?usp=email ) Change subject: [unexport] : NFSv3 stop new IO's when unexport in progress. ...................................................................... [unexport] : NFSv3 stop new IO's when unexport in progress. mdcache_locate_host is called for every NFS request (NFSv3 and NFSv4) that carries a file handle via create_handle. On a cache hit it returns the cached entry without checking whether the current export is being unexported or whether the entry is still mapped to the requesting export. A concurrent NFSv3 request arriving while mdcache_unexport is removing entries can receive a valid-looking entry whose backing export is being freed. The caller then proceeds to reopen_fsal_fd, re-inserting a FD into the global LRU under the dying export's fsal_export pointer, eventually causing a use-after-free in the LRU reaper. After a cache hit, call mdc_check_mapping() to verify the entry is still mapped to the current export and MDC_UNEXPORT is not set. Change-Id: I5b0b0f74a71977dab27045029f38a0f3309af5d4 Signed-off-by: Deeraj.Patil <Deeraj.Patil(a)ibm.com&gt; --- M src/FSAL/Stackable_FSALs/FSAL_MDCACHE/mdcache_helpers.c 1 file changed, 24 insertions(+), 0 deletions(-) git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/97/1232497/1 -- To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1232497?usp=email To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: ffilz/nfs-ganesha Gerrit-Branch: next Gerrit-Change-Id: I5b0b0f74a71977dab27045029f38a0f3309af5d4 Gerrit-Change-Number: 1232497 Gerrit-PatchSet: 1 Gerrit-Owner: deeraj.patil(a)ibm.com