Re: [PATCH] nfsd: prevent NULL ptr derefs on fault injection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Nov 27, 2012 at 11:31:11AM -0500, Sasha Levin wrote:
> A recent patch series has moved hashtable initialization to when the net
> struct is initialized.
> 
> When injecting faults, we tried accessing the hashtables even if the struct
> wasn't really initialized (nfsd wasn't in use) - this caused a NULL ptr
> deref.

Thanks, adding Bryan to cc.--b.

> 
> A simple test would be:
> 
> 	echo 1 > /sys/kernel/debug/nfsd/forget_locks
> 
> Signed-off-by: Sasha Levin <sasha.levin@xxxxxxxxxx>
> ---
>  fs/nfsd/netns.h     | 3 +++
>  fs/nfsd/nfs4state.c | 9 +++++++++
>  2 files changed, 12 insertions(+)
> 
> diff --git a/fs/nfsd/netns.h b/fs/nfsd/netns.h
> index 227b93e..c5806a57 100644
> --- a/fs/nfsd/netns.h
> +++ b/fs/nfsd/netns.h
> @@ -83,5 +83,8 @@ struct nfsd_net {
>  	struct delayed_work laundromat_work;
>  };
>  
> +/* Simple check to find out if a given net was properly initialized */
> +#define nfsd_netns_ready(nn) ((nn)->sessionid_hashtbl)
> +
>  extern int nfsd_net_id;
>  #endif /* __NFSD_NETNS_H__ */
> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
> index e75872f..0e7428c 100644
> --- a/fs/nfsd/nfs4state.c
> +++ b/fs/nfsd/nfs4state.c
> @@ -4598,6 +4598,9 @@ void nfsd_forget_clients(u64 num)
>  	int count = 0;
>  	struct nfsd_net *nn = net_generic(current->nsproxy->net_ns, nfsd_net_id);
>  
> +	if (!nfsd_netns_ready(nn))
> +		return;
> +
>  	nfs4_lock_state();
>  	list_for_each_entry_safe(clp, next, &nn->client_lru, cl_lru) {
>  		expire_client(clp);
> @@ -4643,6 +4646,9 @@ void nfsd_forget_locks(u64 num)
>  	int count;
>  	struct nfsd_net *nn = net_generic(&init_net, nfsd_net_id);
>  
> +	if (!nfsd_netns_ready(nn))
> +		return;
> +
>  	nfs4_lock_state();
>  	count = nfsd_release_n_owners(num, false, release_lockowner_sop, nn);
>  	nfs4_unlock_state();
> @@ -4655,6 +4661,9 @@ void nfsd_forget_openowners(u64 num)
>  	int count;
>  	struct nfsd_net *nn = net_generic(&init_net, nfsd_net_id);
>  
> +	if (!nfsd_netns_ready(nn))
> +		return;
> +
>  	nfs4_lock_state();
>  	count = nfsd_release_n_owners(num, true, release_openowner_sop, nn);
>  	nfs4_unlock_state();
> -- 
> 1.8.0
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux