[PATCH 0/3] cifs: stop cifsd from exiting prematurely

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



We've had some sporradic reports of problems recently where the
ses->server pointers have been NULL. That pointer should only get set to
NULL when cifs_demultiplex_thread exits. That should only happen when
the last reference to it is put. If it gets cleaned up before then,
other structures will hold pointers to it, and we'll get NULL pointer
dereferences.

Unfortunately, there are some places in cifs_demuliplex_thread where
this rule is broken. In certain error conditions, cifsd will exit even
though the reference count hasn't gone to zero yet. This patchset is
intended to close these holes. With it, cifsd should only exit when the
last reference to it is put.

Exiting from the loop early is a serious error that's likely to cause an
oops. I think we ought to consider this patchset for 2.6.36 and maybe
for stable.

Thoughts?

Jeff Layton (3):
  cifs: prevent cifsd from exiting prematurely
  cifs: eliminate some more premature cifsd exits
  cifs: prevent possible memory corruption in cifs_demultiplex_thread

 fs/cifs/cifsproto.h |    3 +-
 fs/cifs/connect.c   |   58 +++++++++++++++++---------------------------------
 fs/cifs/netmisc.c   |   22 +++++++++++--------
 3 files changed, 35 insertions(+), 48 deletions(-)

--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux