summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWeston Andros Adamson <dros@primarydata.com>2014-01-20 04:45:36 +0100
committerTrond Myklebust <trond.myklebust@primarydata.com>2014-01-21 00:08:06 +0100
commitabad2fa5ba67725a3f9c376c8cfe76fbe94a3041 (patch)
tree22bfdee1c9f9a7cc5b11ca9398b28fc10e73ca0d
parentNFSv4.1: Handle errors correctly in nfs41_walk_client_list (diff)
downloadlinux-abad2fa5ba67725a3f9c376c8cfe76fbe94a3041.tar.xz
linux-abad2fa5ba67725a3f9c376c8cfe76fbe94a3041.zip
nfs4: fix discover_server_trunking use after free
If clp is new (cl_count = 1) and it matches another client in nfs4_discover_server_trunking, the nfs_put_client will free clp before ->cl_preserve_clid is set. Cc: stable@vger.kernel.org # 3.7+ Signed-off-by: Weston Andros Adamson <dros@primarydata.com> Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
-rw-r--r--fs/nfs/nfs4client.c10
1 files changed, 4 insertions, 6 deletions
diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c
index 06e770ace073..73d4ecda1e36 100644
--- a/fs/nfs/nfs4client.c
+++ b/fs/nfs/nfs4client.c
@@ -414,13 +414,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp,
error = nfs4_discover_server_trunking(clp, &old);
if (error < 0)
goto error;
- nfs_put_client(clp);
- if (clp != old) {
- clp->cl_preserve_clid = true;
- clp = old;
- }
- return clp;
+ if (clp != old)
+ clp->cl_preserve_clid = true;
+ nfs_put_client(clp);
+ return old;
error:
nfs_mark_client_ready(clp, error);