Commit 32b007b4 authored by J. Bruce Fields

nfsd4: fix bad pointer on failure to find delegation

In case of a nonempty list, the return on error here is obviously bogus;
it ends up being a pointer to the list head instead of to any valid
delegation on the list.

In particular, if nfsd4_delegreturn() hits this case, and you're quite unlucky,
then renew_client may oops, and it may take an embarrassingly long time to
figure out why.  Facepalm.

BUG: unable to handle kernel NULL pointer dereference at 0000000000000090
IP: [<ffffffff81292965>] nfsd4_delegreturn+0x125/0x200
...

Cc: stable@kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
parent 2c9c8f36
...@@ -2445,15 +2445,16 @@ nfs4_check_delegmode(struct nfs4_delegation *dp, int flags) ...@@ -2445,15 +2445,16 @@ nfs4_check_delegmode(struct nfs4_delegation *dp, int flags)
static struct nfs4_delegation * static struct nfs4_delegation *
find_delegation_file(struct nfs4_file *fp, stateid_t *stid) find_delegation_file(struct nfs4_file *fp, stateid_t *stid)
{ {
struct nfs4_delegation *dp = NULL; struct nfs4_delegation *dp;
spin_lock(&recall_lock); spin_lock(&recall_lock);
list_for_each_entry(dp, &fp->fi_delegations, dl_perfile) { list_for_each_entry(dp, &fp->fi_delegations, dl_perfile)
if (dp->dl_stateid.si_stateownerid == stid->si_stateownerid) if (dp->dl_stateid.si_stateownerid == stid->si_stateownerid) {
break;
}
spin_unlock(&recall_lock); spin_unlock(&recall_lock);
return dp; return dp;
}
spin_unlock(&recall_lock);
return NULL;
} }
int share_access_to_flags(u32 share_access) int share_access_to_flags(u32 share_access)
......
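Review bot: In find_delegation_file(), the new match path calls spin_unlock(&recall_lock) and then returns dp, so the caller uses the delegation after the lock that protected the list walk has been dropped, and nothing in these lines takes a reference or says what keeps the entry alive. A short comment above the function stating what the caller must hold, and that NULL now means "no matching delegation", would make the contract explicit. The duplicated unlock/return pair could also be folded into one exit by keeping a separate result pointer, e.g. `struct nfs4_delegation *dp, *ret = NULL;`, setting `ret = dp; break;` on a match, and ending with a single `spin_unlock(&recall_lock); return ret;`, which leaves one unlock site to maintain.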