Re: [V9fs-developer] [PATCH] net/9p/client.c: put refcount of trans_mod in error case in parse_opts()

[Dominique Martinet]

Andrew,

there seem to be some renew of interest in 9P lately, so if you'd like I
can take care of rounding these up and prepare a pull request for 4.19
(as we're already well into 4.18 release cycle, I believe most of the
patches can wait)

This patch however I consider important enough to take for 4.18 so could
you please grab it for now?

I've gathered the Review tags and added my own, feel free to change my
Reviewed-and-tested-by tag to Signed-off-by if it seems more appropriate
as I'm actively pushing for this patch.

piaojun wrote on Fri, Jul 06, 2018:
> >From my test, the second mount will fail after umounting successfully.
> The reason is that we put refcount of trans_mod in the correct case rather
> than the error case in parse_opts() at last. That will cause the refcount
> decrease to -1, and when we try to get trans_mod again in
> try_module_get(), we could only increase refcount to 0 which will cause
> failure as follows:
> parse_opts
>   v9fs_get_trans_by_name
>     try_module_get : return NULL to caller which cause error
> 
> So we should put refcount of trans_mod in error case.
> 
> Fixes: 9421c3e64137ec ("net/9p/client.c: fix potential refcnt problem of trans module")
> 
> Signed-off-by: Jun Piao <piaojun@xxxxxxxxxx>
Reviewed-by: Yiwen Jiang <jiangyiwen@xxxxxxxxxx>
Reviewed-by: Greg Kurz <groug@xxxxxxxx>
Reviewed-and-tested-by: Dominique Martinet <dominique.martinet@xxxxxx>

> ---
>  net/9p/client.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/net/9p/client.c b/net/9p/client.c
> index 18c5271..5c13431 100644
> --- a/net/9p/client.c
> +++ b/net/9p/client.c
> @@ -225,7 +225,8 @@ static int parse_opts(char *opts, struct p9_client *clnt)
>  	}
> 
>  free_and_return:
> -	v9fs_put_trans(clnt->trans_mod);
> +	if (ret)
> +		v9fs_put_trans(clnt->trans_mod);
>  	kfree(tmp_options);
>  	return ret;
>  }

Thanks,
-- 
Dominique Martinet