We've had some sporadic reports of problems recently where the ses->server pointers have been NULL. That pointer should only get set to NULL when cifs_demultiplex_thread exits. That should only happen when the last reference to it is put. If it gets cleaned up before then, other structures will hold pointers to it, and we'll get NULL pointer dereferences.

Unfortunately, there are some places in cifs_demultiplex_thread where this rule is broken. In certain error conditions, cifsd will exit even though the reference count hasn't gone to zero yet.

This patchset is intended to close these holes. With it, cifsd should only exit when the last reference to it is put. Exiting from the loop early is a serious error that's likely to cause an oops. I think we ought to consider this patchset for 2.6.36 and maybe for stable.

Thoughts?

Jeff Layton (3):
  cifs: prevent cifsd from exiting prematurely
  cifs: eliminate some more premature cifsd exits
  cifs: prevent possible memory corruption in cifs_demultiplex_thread

 fs/cifs/cifsproto.h |    3 +-
 fs/cifs/connect.c   |   58 +++++++++++++++++---------------------------------
 fs/cifs/netmisc.c   |   22 +++++++++++--------
 3 files changed, 35 insertions(+), 48 deletions(-)
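The lifetime rule the cover letter describes (the demultiplex thread may tear the server down only after the last reference is put, never on a receive error) is modelled below as an added, user-space illustration. This is not code from the patchset or from fs/cifs; the struct, field and function names (struct srv, run_demux, stale_refs_at_teardown, messages_serviced) and the event sequence are hypothetical and constructed for the example. The same loop is run twice: once exiting on the first receive error, as the buggy paths did, and once exiting only when the refcount reaches zero, as the patchset intends.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Events the hypothetical demultiplex loop can see, in arrival order. */
enum event { EV_MSG, EV_RECV_ERROR, EV_PUT_REF };

/* Stand-in for the refcounted server object; field names are illustrative. */
struct srv {
    int refcount;       /* sessions that still hold a pointer to this object */
    int msgs_handled;   /* messages demultiplexed before the loop exited */
    int errors_seen;    /* receive errors observed by the loop */
    bool torn_down;     /* set when the loop exits and tears the object down */
};

/*
 * Drive the loop over a sequence of events.  Returns the number of references
 * still outstanding at the moment the loop tore the server down (0 is the only
 * safe value: anything higher means live holders now point at freed memory),
 * or -1 if every event was consumed and the loop is still running.
 */
static int run_demux(struct srv *s, const enum event *ev, size_t n,
                     bool exit_on_error)
{
    for (size_t i = 0; i < n; i++) {
        switch (ev[i]) {
        case EV_MSG:
            s->msgs_handled++;
            break;
        case EV_RECV_ERROR:
            s->errors_seen++;
            if (exit_on_error)
                goto teardown;  /* the hole: holders still reference s */
            break;              /* keep servicing until the last put */
        case EV_PUT_REF:
            if (--s->refcount == 0)
                goto teardown;  /* last reference dropped: safe to exit */
            break;
        }
    }
    return -1;

teardown:
    s->torn_down = true;
    return s->refcount;
}

/*
 * Constructed scenario: two sessions hold the server, a receive error arrives
 * while both still reference it, then both sessions put their references.
 */
static struct srv run_scenario(bool exit_on_error, int *refs_at_teardown)
{
    struct srv s = { .refcount = 2 };
    static const enum event ev[] = {
        EV_MSG, EV_RECV_ERROR, EV_MSG, EV_PUT_REF, EV_PUT_REF,
    };
    *refs_at_teardown = run_demux(&s, ev, sizeof ev / sizeof ev[0],
                                  exit_on_error);
    return s;
}

/* References left dangling when the loop exits; the invariant is 0. */
int stale_refs_at_teardown(bool exit_on_error)
{
    int left;
    run_scenario(exit_on_error, &left);
    return left;
}

/* Messages serviced in total; the fixed loop keeps working past the error. */
int messages_serviced(bool exit_on_error)
{
    int left;
    return run_scenario(exit_on_error, &left).msgs_handled;
}

int main(void)
{
    printf("exit-on-error loop:    %d stale refs, %d messages serviced\n",
           stale_refs_at_teardown(true), messages_serviced(true));
    printf("exit-on-last-put loop: %d stale refs, %d messages serviced\n",
           stale_refs_at_teardown(false), messages_serviced(false));
    return 0;
}
```

In the exit-on-error run the loop tears the object down with two references outstanding, which is exactly the state that turns into a NULL or dangling ses->server dereference; in the exit-on-last-put run the error is recorded and the object survives until the final put. The real thread has to do more on an error (reconnect or sleep and retry), but the exit condition is the part the invariant depends on.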