commit fd40559c8657418385e42f797e0b04bfc0add748
author Trond Myklebust <trond.myklebust@primarydata.com> Tue Aug 01 16:02:47 2017 -0400
committer Anna Schumaker <Anna.Schumaker@Netapp.com> Tue Aug 01 16:28:55 2017 -0400
tree 2e90e12a96fc87b33c34be6082bf42be81322154
parent b7dbcc0e433f0f61acb89ed9861ec996be4f2b38

NFSv4: Fix EXCHANGE_ID corrupt verifier issue

The verifier is allocated on the stack, but the EXCHANGE_ID RPC call was
changed to be asynchronous by commit 8d89bd70bc939. If we interrrupt
the call to rpc_wait_for_completion_task(), we can therefore end up
transmitting random stack contents in lieu of the verifier.

Fixes: 8d89bd70bc939 ("NFS setup async exchange_id")
Cc: stable@vger.kernel.org # v4.9+
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>

fs/nfs/nfs4xdr.c

diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
index fa3eb36..37c8af0 100644
--- a/fs/nfs/nfs4xdr.c
+++ b/fs/nfs/nfs4xdr.c
@@ -1785,7 +1785,7 @@
 	int len = 0;
 
 	encode_op_hdr(xdr, OP_EXCHANGE_ID, decode_exchange_id_maxsz, hdr);
-	encode_nfs4_verifier(xdr, args->verifier);
+	encode_nfs4_verifier(xdr, &args->verifier);
 
 	encode_string(xdr, strlen(args->client->cl_owner_id),
 			args->client->cl_owner_id);