[PATCH] v9fs: fix fd_close
If a 9pfs server crashes, v9fs_fd_close() is called. Subsequently, in
cleaning up by performing a umount() on the FS that was provided by this
server v9fs_fd_close() is called again, and uses the old, freed valus of
trans->priv. This patch ensures that trans->priv can be freed only once,
otherwise this function bails early.
Signed-off-by: Michal Ostrowski <mostrows@watson.ibm.com>
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
diff --git a/fs/9p/trans_fd.c b/fs/9p/trans_fd.c
index 63b58ce..b7ffb98 100644
--- a/fs/9p/trans_fd.c
+++ b/fs/9p/trans_fd.c
@@ -148,12 +148,12 @@
if (!trans)
return;
- trans->status = Disconnected;
- ts = trans->priv;
+ ts = xchg(&trans->priv, NULL);
if (!ts)
return;
+ trans->status = Disconnected;
if (ts->in_file)
fput(ts->in_file);