On Mon, 2010-11-22 at 12:15 -0500, Chuck Lever wrote:
> Hi-
>
> On Nov 22, 2010, at 7:40 AM, Wengang Wang wrote:
>
> > nlmclnt_proc() is neither releasing nlm_rqst nor dropping the ref on nlm_host.
> > Do the release work though I am not sure if it can really hit the situation.
>
> Based on casual code review, the only case where this is a possibility is the
> "out_unlock" label in nlmclnt_lock(). Otherwise, this patch introduces a double
> release in other cases, doesn't it?

No. It only occurs if !IS_GETLK(cmd) && !IS_SETLK(cmd) && !IS_SETLKW(cmd). The VFS
should ensure this never happens, so I don't think this is an exploitable bug.

The question therefore is: do we add this fix, or do we just remove the -EINVAL
error condition and replace it by a BUG()?

Cheers
  Trond
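The shape of the bug under discussion, as an added illustration that is not part of the thread and not the kernel's nlmclnt_proc(): a request object is allocated and takes a reference on a host, then a `switch` on the lock command returns -EINVAL from its default arm before reaching the cleanup at the bottom. The `toy_*` types and functions below are hypothetical stand-ins for nlm_rqst / nlm_host and their get/put helpers; only the F_GETLK / F_SETLK / F_SETLKW constants are real. The "leaky" and "fixed" variants run side by side so the missing release is observable as a host refcount that never returns to its starting value.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>

/* Hypothetical stand-ins for nlm_host and nlm_rqst (not the kernel's types). */
struct toy_host { int refcount; };
struct toy_rqst { struct toy_host *host; int cmd; };

/* A single-slot "pool": if a request is leaked, the next allocation fails,
 * which is the practical consequence of never releasing nlm_rqst. */
static struct toy_rqst toy_slot;
static int toy_slot_in_use;

static struct toy_host *toy_host_get(struct toy_host *h) { h->refcount++; return h; }
static void toy_host_put(struct toy_host *h) { h->refcount--; }

static struct toy_rqst *toy_rqst_alloc(struct toy_host *h, int cmd)
{
    if (toy_slot_in_use)
        return NULL;
    toy_slot_in_use = 1;
    toy_slot.host = toy_host_get(h);   /* request pins the host */
    toy_slot.cmd = cmd;
    return &toy_slot;
}

static void toy_rqst_release(struct toy_rqst *r)
{
    toy_host_put(r->host);             /* drop the pinned host reference */
    toy_slot_in_use = 0;
}

/* Stand-in for the actual lock call; always succeeds here. */
static int toy_do_lock(struct toy_rqst *r) { (void)r; return 0; }

/* Leaky shape: the default arm returns without releasing the request,
 * so both the request slot and the host reference are lost. */
static int toy_proc_leaky(struct toy_host *h, int cmd)
{
    struct toy_rqst *r = toy_rqst_alloc(h, cmd);
    int status;

    if (!r)
        return -ENOMEM;
    switch (cmd) {
    case F_GETLK: case F_SETLK: case F_SETLKW:
        status = toy_do_lock(r);
        break;
    default:
        return -EINVAL;                /* BUG: r and the host ref are never released */
    }
    toy_rqst_release(r);
    return status;
}

/* Fixed shape: every arm falls through to the single release point. */
static int toy_proc_fixed(struct toy_host *h, int cmd)
{
    struct toy_rqst *r = toy_rqst_alloc(h, cmd);
    int status;

    if (!r)
        return -ENOMEM;
    switch (cmd) {
    case F_GETLK: case F_SETLK: case F_SETLKW:
        status = toy_do_lock(r);
        break;
    default:
        status = -EINVAL;              /* unreachable if the caller validates cmd */
        break;
    }
    toy_rqst_release(r);
    return status;
}

/* Run one variant against a fresh host and report what it left behind. */
struct toy_result { int status; int host_refs; int rqst_outstanding; };

static struct toy_result toy_run(int (*proc)(struct toy_host *, int), int cmd)
{
    struct toy_host h = { .refcount = 1 };
    struct toy_result res;

    toy_slot_in_use = 0;               /* reset the pool between runs */
    res.status = proc(&h, cmd);
    res.host_refs = h.refcount;        /* 1 means the reference was dropped */
    res.rqst_outstanding = toy_slot_in_use;
    return res;
}
```

With a valid command both variants behave identically; with an out-of-range command (99 below, chosen as a constructed input) the leaky variant returns -EINVAL but leaves the host refcount at 2 and the request slot occupied, and a second call on the same pool would then fail with -ENOMEM. The alternative raised in the thread, replacing the -EINVAL arm with BUG(), removes the unreachable path rather than cleaning up behind it; either way the single-exit structure of the fixed variant is what guarantees the release happens.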