Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / d19fb70dd68c4e960e2ac09b0b9c79dfdeefa726^! / . / fs / nfsd / nfs4layouts.c
commitd19fb70dd68c4e960e2ac09b0b9c79dfdeefa726[log] [tgz]
authorKinglong Mee <kinglongmee@gmail.com>Wed Jan 18 19:04:42 2017 +0800
committerJ. Bruce Fields <bfields@redhat.com>Tue Jan 31 12:29:24 2017 -0500
tree8ce91162810ddf366f475ca22861c705aea115fa
parent566cf877a1fcb6d6dc0126b076aad062054c2637 [diff] [blame]
NFSD: Fix a null reference case in find_or_create_lock_stateid()

nfsd assigns the nfs4_free_lock_stateid to .sc_free in init_lock_stateid().

If nfsd doesn't go through init_lock_stateid() and put stateid at end,
there is a NULL reference to .sc_free when calling nfs4_put_stid(ns).

This patch let the nfs4_stid.sc_free assignment to nfs4_alloc_stid().

Cc: stable@vger.kernel.org
Fixes: 356a95ece7aa "nfsd: clean up races in lock stateid searching..."
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>

diff --git a/fs/nfsd/nfs4layouts.c b/fs/nfsd/nfs4layouts.c
index 596205d..1fc07a9 100644
--- a/fs/nfsd/nfs4layouts.c
+++ b/fs/nfsd/nfs4layouts.c

@@ -223,10 +223,11 @@
 	struct nfs4_layout_stateid *ls;
 	struct nfs4_stid *stp;
 
-	stp = nfs4_alloc_stid(cstate->clp, nfs4_layout_stateid_cache);
+	stp = nfs4_alloc_stid(cstate->clp, nfs4_layout_stateid_cache,
+					nfsd4_free_layout_stateid);
 	if (!stp)
 		return NULL;
-	stp->sc_free = nfsd4_free_layout_stateid;
+
 	get_nfs4_file(fp);
 	stp->sc_file = fp;