On Wed, Mar 09, 2011 at 03:20:29PM -0800, [email protected] wrote:
> The patch below does not apply to the .37-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <[email protected]>.

I missed the fact that this was only a very recent regression (from
acfd5c383b38, in 38-rc5).  So, yes, you should just ignore
it--apologies for the noise!

--b.

> 
> thanks,
> 
> greg k-h
> 
> ------------------ original commit in Linus's tree ------------------
> 
> From 32b007b4e19b50ff4d27ea8b69cd6d744cfec86b Mon Sep 17 00:00:00 2001
> From: J. Bruce Fields <[email protected]>
> Date: Sun, 6 Mar 2011 19:11:03 -0500
> Subject: [PATCH] nfsd4: fix bad pointer on failure to find delegation
> 
> In case of a nonempty list, the return on error here is obviously bogus;
> it ends up being a pointer to the list head instead of to any valid
> delegation on the list.
> 
> In particular, if nfsd4_delegreturn() hits this case, and you're quite unlucky,
> then renew_client may oops, and it may take an embarrassingly long time to
> figure out why.  Facepalm.
> 
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000090
> IP: [<ffffffff81292965>] nfsd4_delegreturn+0x125/0x200
> ...
> 
> Cc: [email protected]
> Signed-off-by: J. Bruce Fields <[email protected]>
> 
> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
> index 54b60bf..7b566ec 100644
> --- a/fs/nfsd/nfs4state.c
> +++ b/fs/nfsd/nfs4state.c
> @@ -2445,15 +2445,16 @@ nfs4_check_delegmode(struct nfs4_delegation *dp, int 
> flags)
>  static struct nfs4_delegation *
>  find_delegation_file(struct nfs4_file *fp, stateid_t *stid)
>  {
> -     struct nfs4_delegation *dp = NULL;
> +     struct nfs4_delegation *dp;
>  
>       spin_lock(&recall_lock);
> -     list_for_each_entry(dp, &fp->fi_delegations, dl_perfile) {
> -             if (dp->dl_stateid.si_stateownerid == stid->si_stateownerid)
> -                     break;
> -     }
> +     list_for_each_entry(dp, &fp->fi_delegations, dl_perfile)
> +             if (dp->dl_stateid.si_stateownerid == stid->si_stateownerid) {
> +                     spin_unlock(&recall_lock);
> +                     return dp;
> +             }
>       spin_unlock(&recall_lock);
> -     return dp;
> +     return NULL;
>  }
>  
>  int share_access_to_flags(u32 share_access)
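
Review bot: find_delegation_file() now has two spin_unlock(&recall_lock) sites, one inside the loop on the match path and one after it, and they have to be kept in sync by hand. A separate result pointer initialised to NULL, set on a match before a break, with a single unlock and a single return, would keep lock and unlock paired while still never handing back the loop cursor. The body of list_for_each_entry now spans several lines without braces, which kernel style would normally brace. Since dp is returned after recall_lock has been dropped, a short comment saying what the caller relies on to keep the delegation valid would help the next reader.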
> 
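
The failure mode the commit message describes, reproduced in userspace as an added example (not code from the patch or the kernel tree): after `list_for_each_entry` runs to completion, the cursor is `container_of()` applied to the list head, so it is non-NULL and points at no entry. The list macros are simplified stand-ins, `struct deleg`, `struct file`, `find_old`, `find_new` and `classify_lookup` are hypothetical names, and `recall_lock` is omitted.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed userspace stand-ins for the kernel list helpers. */
struct list_head { struct list_head *next, *prev; };
#define container_of(p, type, m) ((type *)((char *)(p) - offsetof(type, m)))
#define list_for_each_entry(pos, head, m)                            \
	for (pos = container_of((head)->next, __typeof__(*pos), m);  \
	     &pos->m != (head);                                      \
	     pos = container_of(pos->m.next, __typeof__(*pos), m))
/* Hypothetical simplified types, not the real nfsd structures. */
struct deleg { unsigned int owner_id; struct list_head perfile; };
struct file  { char pad[32]; struct list_head delegations; };

/* Pre-patch shape: break on a match, return the cursor either way. */
static struct deleg *find_old(struct file *fp, unsigned int id)
{
	struct deleg *dp = NULL;
	list_for_each_entry(dp, &fp->delegations, perfile) {
		if (dp->owner_id == id)
			break;
	}
	return dp; /* on a miss: container_of(list head), never NULL */
}

/* Post-patch shape: return the match from inside the loop, else NULL. */
static struct deleg *find_new(struct file *fp, unsigned int id)
{
	struct deleg *dp;
	list_for_each_entry(dp, &fp->delegations, perfile)
		if (dp->owner_id == id)
			return dp;
	return NULL;
}

/* Returns 0 for NULL, 1 for a real entry, 2 for a pointer that is neither. */
static int classify_lookup(int use_new, unsigned int id)
{
	struct file f;
	struct deleg a = { .owner_id = 7 }, b = { .owner_id = 9 };
	f.delegations = (struct list_head){ &a.perfile, &b.perfile }; /* head */
	a.perfile = (struct list_head){ &b.perfile, &f.delegations };
	b.perfile = (struct list_head){ &f.delegations, &a.perfile };
	struct deleg *dp = use_new ? find_new(&f, id) : find_old(&f, id);
	return !dp ? 0 : (dp == &a || dp == &b) ? 1 : 2;
}

int main(void)
{
	return printf("miss: old=%d new=%d\n", classify_lookup(0, 42), classify_lookup(1, 42)) < 0;
}
```

A caller that tests the old result against NULL takes the "found" path on a miss and then reads fields at offsets from the list head, which matches the small-offset fault address in the quoted oops.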
