Commit 6b8ba437 authored by Neil Brown, committed by Linus Torvalds

[PATCH] kNFSd: rsc_lookup simplification

rsc_lookup is a bit complicated: it either takes responsibility for the memory
pointed to by handle.data and sets handle.data to NULL, or it leaves
handle.data unchanged, in which case the caller is responsible for freeing
handle.data.  I forgot that the possibility of inserting a negative cache
entry into the cache meant that this could happen even when rsc_lookup is
called with set == 0.

Note that the ip_map code has the same bug, not that it seems to matter much,
since the memory in question in that case is always just a statically
allocated string.

From: "J. Bruce Fields" <bfields@fieldses.org>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
parent 1e81dda9
...@@ -333,6 +333,7 @@ rsc_init(struct rsc *new, struct rsc *tmp) ...@@ -333,6 +333,7 @@ rsc_init(struct rsc *new, struct rsc *tmp)
new->handle.data = tmp->handle.data; new->handle.data = tmp->handle.data;
tmp->handle.data = NULL; tmp->handle.data = NULL;
new->mechctx = NULL; new->mechctx = NULL;
new->cred.cr_group_info = NULL;
} }
static inline void static inline void
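Review bot: the added `new->cred.cr_group_info = NULL;` at the end of rsc_init carries no comment, and the commit message does not mention it, so the reason this field must be cleared here is not recorded anywhere. A one-line comment saying that a freshly initialised entry has to be safe to hand to the free path with only handle.data populated would help, because any pointer field added to struct rsc later needs the same treatment next to `new->mechctx = NULL;`.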
...@@ -453,8 +454,11 @@ gss_svc_searchbyctx(struct xdr_netobj *handle) ...@@ -453,8 +454,11 @@ gss_svc_searchbyctx(struct xdr_netobj *handle)
struct rsc rsci; struct rsc rsci;
struct rsc *found; struct rsc *found;
rsci.handle = *handle; memset(&rsci, 0, sizeof(rsci));
if (dup_to_netobj(&rsci.handle, handle->data, handle->len))
return NULL;
found = rsc_lookup(&rsci, 0); found = rsc_lookup(&rsci, 0);
rsc_free(&rsci);
if (!found) if (!found)
return NULL; return NULL;
if (cache_check(&rsc_cache, &found->h, NULL)) if (cache_check(&rsc_cache, &found->h, NULL))
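Review bot: in gss_svc_searchbyctx the early `return NULL;` taken when dup_to_netobj fails looks the same to the caller as the `if (!found) return NULL;` a few lines below, so an allocation failure is reported as an unknown context handle. Either say in a comment that this is intended or give the failure its own path. Separately, the `rsc_free(&rsci);` on the stack copy is only safe because of the preceding memset and because rsc_lookup sets handle.data to NULL when it takes ownership, as the commit message describes; a short comment at that call would make the ownership contract visible to the next reader.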
......