diff options
| author | Weston Andros Adamson <dros@primarydata.com> | 2014-01-19 22:45:36 -0500 |
|---|---|---|
| committer | Trond Myklebust <trond.myklebust@primarydata.com> | 2014-01-20 18:08:06 -0500 |
| commit | abad2fa5ba67725a3f9c376c8cfe76fbe94a3041 (patch) | |
| tree | 22bfdee1c9f9a7cc5b11ca9398b28fc10e73ca0d /fs | |
| parent | 64590daa9e0dfb3aad89e3ab9230683b76211d5b (diff) | |
nfs4: fix discover_server_trunking use after free
If clp is new (cl_count = 1) and it matches another client in
nfs4_discover_server_trunking, the nfs_put_client will free clp before
->cl_preserve_clid is set.
Cc: stable@vger.kernel.org # 3.7+
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/nfs/nfs4client.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c index 06e770ace073..73d4ecda1e36 100644 --- a/fs/nfs/nfs4client.c +++ b/fs/nfs/nfs4client.c | |||
| @@ -414,13 +414,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp, | |||
| 414 | error = nfs4_discover_server_trunking(clp, &old); | 414 | error = nfs4_discover_server_trunking(clp, &old); |
| 415 | if (error < 0) | 415 | if (error < 0) |
| 416 | goto error; | 416 | goto error; |
| 417 | nfs_put_client(clp); | ||
| 418 | if (clp != old) { | ||
| 419 | clp->cl_preserve_clid = true; | ||
| 420 | clp = old; | ||
| 421 | } | ||
| 422 | 417 | ||
| 423 | return clp; | 418 | if (clp != old) |
| 419 | clp->cl_preserve_clid = true; | ||
| 420 | nfs_put_client(clp); | ||
| 421 | return old; | ||
| 424 | 422 | ||
| 425 | error: | 423 | error: |
| 426 | nfs_mark_client_ready(clp, error); | 424 | nfs_mark_client_ready(clp, error); |