nfsd4_sequence() should not renew the client state if the session was not found or if there was a bad slot. This will also avoid dereferencing a null session pointer. Signed-off-by: Ricardo Labiaga <Ricardo.Labiaga@xxxxxxxxxx> --- fs/nfsd/nfs4state.c | 12 ++++++++---- 1 files changed, 8 insertions(+), 4 deletions(-) diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index c845365..e239c6e 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -1425,12 +1425,16 @@ nfsd4_sequence(struct svc_rqst *rqstp, spin_lock(&sessionid_lock); status = nfserr_badsession; session = find_in_sessionid_hashtbl(&seq->sessionid); - if (!session) - goto out; + if (!session) { + spin_unlock(&sessionid_lock); + goto err; + } status = nfserr_badslot; - if (seq->slotid >= session->se_fchannel.maxreqs) - goto out; + if (seq->slotid >= session->se_fchannel.maxreqs) { + spin_unlock(&sessionid_lock); + goto err; + } slot = &session->se_slots[seq->slotid]; dprintk("%s: slotid %d\n", __func__, seq->slotid); -- 1.5.4.3 -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html