diff options
author | Weston Andros Adamson <dros@primarydata.com> | 2014-01-20 03:45:36 (GMT) |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2014-02-13 21:50:16 (GMT) |
commit | c39e05efd61f3159ab93d6f6abc55388ba680df7 (patch) | |
tree | d0f5b42fda49501e55eaaf78e29ed36bcd9ecc87 | |
parent | 1ec9b4651a4a5c2e50aafb4812dec2f7f0e65b0f (diff) | |
download | linux-fsl-qoriq-c39e05efd61f3159ab93d6f6abc55388ba680df7.tar.xz |
nfs4: fix discover_server_trunking use after free
commit abad2fa5ba67725a3f9c376c8cfe76fbe94a3041 upstream.
If clp is new (cl_count = 1) and it matches another client in
nfs4_discover_server_trunking, the nfs_put_client will free clp before
->cl_preserve_clid is set.
Signed-off-by: Weston Andros Adamson <dros@primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | fs/nfs/nfs4client.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c index 1742d77..8a572dd 100644 --- a/fs/nfs/nfs4client.c +++ b/fs/nfs/nfs4client.c @@ -407,13 +407,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp, error = nfs4_discover_server_trunking(clp, &old); if (error < 0) goto error; - nfs_put_client(clp); - if (clp != old) { - clp->cl_preserve_clid = true; - clp = old; - } - return clp; + if (clp != old) + clp->cl_preserve_clid = true; + nfs_put_client(clp); + return old; error: nfs_mark_client_ready(clp, error); |