On Feb 16, 2012, at 3:43 PM, Myklebust, Trond wrote:
> On Thu, 2012-02-16 at 11:17 -0500, Weston Andros Adamson wrote:
>> server_scope would never be freed if nfs4_check_cl_exchange_flags() returned
>> non-zero
>>
>> Signed-off-by: Weston Andros Adamson <dros@xxxxxxxxxx>
>> ---
>> fs/nfs/nfs4proc.c | 15 +++++++++------
>> 1 files changed, 9 insertions(+), 6 deletions(-)
>>
>> diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
>> index 87c584d..20c3bb0 100644
>> --- a/fs/nfs/nfs4proc.c
>> +++ b/fs/nfs/nfs4proc.c
>> @@ -4945,8 +4945,10 @@ int nfs4_proc_exchange_id(struct nfs_client *clp, struct rpc_cred *cred)
>> clp->cl_rpcclient->cl_auth->au_flavor);
>>
>> res.server_scope = kzalloc(sizeof(struct server_scope), GFP_KERNEL);
>> - if (unlikely(!res.server_scope))
>> - return -ENOMEM;
>> + if (unlikely(!res.server_scope)) {
>> + status = -ENOMEM;
>> + goto out;
>> + }
>>
>> status = rpc_call_sync(clp->cl_rpcclient, &msg, RPC_TASK_TIMEOUT);
>> if (!status)
>> @@ -4963,12 +4965,13 @@ int nfs4_proc_exchange_id(struct nfs_client *clp, struct rpc_cred *cred)
>> clp->server_scope = NULL;
>> }
>>
>> - if (!clp->server_scope)
>> + if (!clp->server_scope) {
>> clp->server_scope = res.server_scope;
>> - else
>> - kfree(res.server_scope);
>> + goto out;
>> + }
>> }
>> -
>> + kfree(res.server_scope);
>> +out:
>> dprintk("<-- %s status= %d\n", __func__, status);
>> return status;
>> }
>
> This looks like it is a bug in existing kernels. Should I queue it up
> for stable@xxxxxxxxxxxxxxx?
Yes, I should have mentioned that!
-dros
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
