smb: client: fix potential race in cifs_put_tcon()

dfs_cache_refresh() delayed worker could race with cifs_put_tcon(), so
make sure to call list_replace_init() on @tcon->dfs_ses_list after
kworker is cancelled or finished.

Fixes: 4f42a8b54b5c ("smb: client: fix DFS interlink failover")
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>

diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
index 56b3a9eb9b05558e358df735b326a19d0ea9fd84..2372538a12118980a3bffb6f5ba531b8e71c3aea 100644 (file)
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -2532,9 +2532,6 @@ cifs_put_tcon(struct cifs_tcon *tcon, enum smb3_tcon_ref_trace trace)
 
        list_del_init(&tcon->tcon_list);
        tcon->status = TID_EXITING;
-#ifdef CONFIG_CIFS_DFS_UPCALL
-       list_replace_init(&tcon->dfs_ses_list, &ses_list);
-#endif
        spin_unlock(&tcon->tc_lock);
        spin_unlock(&cifs_tcp_ses_lock);
 
@@ -2542,6 +2539,7 @@ cifs_put_tcon(struct cifs_tcon *tcon, enum smb3_tcon_ref_trace trace)
        cancel_delayed_work_sync(&tcon->query_interfaces);
 #ifdef CONFIG_CIFS_DFS_UPCALL
        cancel_delayed_work_sync(&tcon->dfs_cache_work);
+       list_replace_init(&tcon->dfs_ses_list, &ses_list);
 #endif
 
        if (tcon->use_witness) {