Re: [PATCH] sunrpc/auth_gss: NULL pointer deref in gss_pipe_release()

From: Alex Polvi
Date: Tue Aug 01 2006 - 21:08:06 EST

Next message: Dmitry Torokhov: "Re: get_device in device_create_file"
Previous message: Dave Jones: "Re: deprecate and convert some sleep_on variants."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 7/31/06, Trond Myklebust <trond.myklebust@xxxxxxxxxx> wrote:

On Mon, 2006-07-31 at 10:50 -0400, Alex Polvi wrote:
> Proposed (trivial) patch to fix a NULL pointer deref in
> gss_pipe_release(). While this does seem to fix the problem, I'm not
> entirely sure it is the correct place to handle the NULL pointer.
>
> Included below is the script I used to recreate the problem, the oops,
> and the patch.

Sorry, but that is not the correct fix. The problem here is rather that
something is causing us to call rpc_close_pipes() on the file after the
call to gss_destroy(). That is supposed to be illegal.

Would you be willing to explain what should happen? I.e. what is the
lifecycle of an RPC inode?

Thanks,

-Alex
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dmitry Torokhov: "Re: get_device in device_create_file"
Previous message: Dave Jones: "Re: deprecate and convert some sleep_on variants."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]