[CIFS] Fix oops on failed cifs mount (in kthread_stop)

If the cifs demultiplex thread wakes up and exits
(zeroing server->tsk) before kthread_stop is called, the
cifs_mount code could pass a null pointer to kthread_stop

Thanks to akpm, Dave Young and Shaggy for suggesting
earlier versions of this patch.

CC: akpm@linux-foundatior.org
Signed-off-by: Dave Young <hidave.darkstar@gmail.com>
Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>

1 files changed, 12 insertions, 2 deletions

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 216fb625843f..f6963d183c53 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2069,8 +2069,15 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
 			srvTcp->tcpStatus = CifsExiting;
 			spin_unlock(&GlobalMid_Lock);
 			if (srvTcp->tsk) {
+				struct task_struct *tsk;
+				/* If we could verify that kthread_stop would
+				   always wake up processes blocked in
+				   tcp in recv_mesg then we could remove the
+				   send_sig call */
 				send_sig(SIGKILL,srvTcp->tsk,1);
-				kthread_stop(srvTcp->tsk);
+				tsk = srvTcp->tsk;
+				if(tsk)
+					kthread_stop(srvTcp->tsk);
 			}
 		}
 		 /* If find_unc succeeded then rc == 0 so we can not end */
@@ -2085,8 +2092,11 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
 					/* if the socketUseCount is now zero */
 					if ((temp_rc == -ESHUTDOWN) &&
 					   (pSesInfo->server) && (pSesInfo->server->tsk)) {
+						struct task_struct *tsk;
 						send_sig(SIGKILL,pSesInfo->server->tsk,1);
-						kthread_stop(pSesInfo->server->tsk);
+						tsk = pSesInfo->server->tsk;
+						if(tsk)
+							kthread_stop(tsk);
 					}
 				} else
 					cFYI(1, ("No session or bad tcon"));