Re: [Patch] Possible dereference in fs/nfsd/nfs4callback.c

From: Valdis . Kletnieks
Date: Tue Sep 26 2006 - 09:17:52 EST

Next message: Dmitry Torokhov: "Re: [PATCH 26/47] Driver core: add groups support to struct device"
Previous message: Alan Cox: "Re: [git patches] libata fixes (incl. oops fix)"
In reply to: Chuck Lever: "Re: [Patch] Possible dereference in fs/nfsd/nfs4callback.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 26 Sep 2006 12:30:59 +0200, Eric Sesterhenn said:

> we set cb->cb_client to NULL and pass it to rpc_shutdown_client() which dereferences it.
> The easy fix below.

> out_clnt:
> - rpc_shutdown_client(cb->cb_client);
> + if (cb->cb_client)
> + rpc_shutdown_client(cb->cb_client);

OK, I admit not knowing the NFS code well, but this one looks suspiciously
like "easy paper-over" rather than "easy fix". Is there other cod elsewhere
that guards this case from ever actually happening? If it *does* happen,
is it indicative of major borkage and we really should do something like:

if (cb->cb_client)
rpm_shutdown_client(cb->cb_client)
else
printk(KERN_ERR "Yowza - trashed NFS control structures...");

or even maybe a more drastic action (oops/panic)?

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Dmitry Torokhov: "Re: [PATCH 26/47] Driver core: add groups support to struct device"
Previous message: Alan Cox: "Re: [git patches] libata fixes (incl. oops fix)"
In reply to: Chuck Lever: "Re: [Patch] Possible dereference in fs/nfsd/nfs4callback.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]