Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / c68a027c05709330fe5b2f50c50d5fa02124b5d8
commitc68a027c05709330fe5b2f50c50d5fa02124b5d8[log] [tgz]
authorBenjamin Coddington <bcodding@redhat.com>Fri Nov 20 09:56:20 2015 -0500
committerTrond Myklebust <trond.myklebust@primarydata.com>Mon Nov 23 21:59:42 2015 -0500
tree42a72e774e63306c52ecd51d9c2314209a50bed0
parent91ab4b4d16e6649fbbf65f303c0c4e20ed680bd1 [diff]
nfs4: start callback_ident at idr 1

If clp->cl_cb_ident is zero, then nfs_cb_idr_remove_locked() skips removing
it when the nfs_client is freed.  A decoding or server bug can then find
and try to put that first nfs_client which would lead to a crash.

Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Fixes: d6870312659d ("nfs4client: convert to idr_alloc()")
Cc: stable@vger.kernel.org
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
1 file changed
tree: 42a72e774e63306c52ecd51d9c2314209a50bed0
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS