On Tue, 26 Sep 2006 12:30:59 +0200, Eric Sesterhenn said:

> we set cb->cb_client to NULL and pass it to rpc_shutdown_client() which dereferences it.
> The easy fix below.

> out_clnt:
> - rpc_shutdown_client(cb->cb_client);
> + if (cb->cb_client)
> + rpc_shutdown_client(cb->cb_client);

OK, I admit not knowing the NFS code well, but this one looks suspiciously like "easy paper-over" rather than "easy fix". Is there other code elsewhere that guards this case from ever actually happening? If it *does* happen, is it indicative of major borkage and we really should do something like:

if (cb->cb_client)
	rpc_shutdown_client(cb->cb_client);
else
	printk(KERN_ERR "Yowza - trashed NFS control structures...");

or even maybe a more drastic action (oops/panic)?
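Review bot: the NULL check added in front of rpc_shutdown_client() at out_clnt treats the symptom rather than the error-path layout; the quoted description says cb->cb_client is NULL on the failing path that reaches out_clnt, so that failure should jump to a label placed after the rpc_shutdown_client() call (labels unwinding in reverse acquisition order), which needs no guard at all. The hunk as quoted has no @@ header and no context lines, so it is not visible which goto arrives at out_clnt with a NULL client; a resend with full context would let reviewers confirm that a later label is the right fix. If a NULL client at out_clnt can only result from corrupted state, silently skipping the shutdown also hides that bug, which is the concern the reply raises.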
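The error-path layout the reply is questioning, as an added C example that is not code from the thread or from fs/nfsd/nfs4callback.c: the kernel types and rpc_create()/rpc_shutdown_client() are replaced by constructed stand-ins (fake_rpc_create, fake_rpc_shutdown_client, a counter instead of a crash), and setup_buggy/setup_fixed are hypothetical functions that contrast a single out_clnt label with labels ordered in reverse acquisition order.

```c
#include <stddef.h>
#include <errno.h>

/* Constructed stand-ins for the kernel types and RPC calls, not the real ones. */
struct rpc_clnt { int id; };
struct nfs4_callback { struct rpc_clnt *cb_client; };
static struct rpc_clnt fake_clnt = { 1 };
static int shutdown_null_calls;   /* shutdowns that were handed a NULL client */
/* NULL simulates rpc_create() failing. */
static struct rpc_clnt *fake_rpc_create(int fail) { return fail ? NULL : &fake_clnt; }
/* The real rpc_shutdown_client() would dereference NULL; here we just count it. */
static void fake_rpc_shutdown_client(struct rpc_clnt *c) { if (!c) shutdown_null_calls++; }

/* Buggy shape from the thread: every failure jumps to out_clnt, including
 * the one that left cb_client NULL. */
static int setup_buggy(struct nfs4_callback *cb, int fail_create, int fail_later)
{
	cb->cb_client = fake_rpc_create(fail_create);
	if (!cb->cb_client) goto out_clnt;   /* cb_client is NULL here */
	if (fail_later) goto out_clnt;       /* client exists, shutdown is right */
	return 0;
out_clnt:
	fake_rpc_shutdown_client(cb->cb_client);
	cb->cb_client = NULL;
	return -ENOMEM;
}

/* Fixed shape: labels unwind in reverse acquisition order, so the shutdown is
 * reached only once a client exists and no NULL guard is needed. */
static int setup_fixed(struct nfs4_callback *cb, int fail_create, int fail_later)
{
	cb->cb_client = fake_rpc_create(fail_create);
	if (!cb->cb_client) goto out_err;    /* nothing acquired yet: skip shutdown */
	if (fail_later) goto out_clnt;       /* client exists: shut it down */
	return 0;
out_clnt:
	fake_rpc_shutdown_client(cb->cb_client);
	cb->cb_client = NULL;
out_err:
	return -ENOMEM;
}

/* Run one variant with rpc_create failing; return how many NULL shutdowns it did. */
static int null_shutdowns(int (*setup)(struct nfs4_callback *, int, int))
{
	struct nfs4_callback cb = { NULL };
	shutdown_null_calls = 0;
	(void)setup(&cb, 1, 0);
	return shutdown_null_calls;
}
```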
References:
- [Patch] Possible dereference in fs/nfsd/nfs4callback.c, from Eric Sesterhenn