Re: [PATCH v2] nfsd: memory corruption in nfsd4_lock()

> On Mar 30, 2020, at 6:22 AM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
> 
> On Fri, 2020-03-27 at 07:50 +0300, Vasily Averin wrote:
>> Dear Chuck,
>> please use the following patch instead.

Somehow this did not make it to my inbox on Friday, but Jeff's
Reviewed-by did show up today. I'll apply this one, thanks!


>> -----
>> The new struct nfsd4_blocked_lock allocated in find_or_allocate_block()
>> does not initialize nbl_list and nbl_lru.
>> If the conflock allocation fails, the rollback can call list_del_init(),
>> access the uninitialized fields and corrupt memory.
>> 
>> v2: just initialize nbl_list and nbl_lru right after nbl allocation.
>> 
>> Fixes: 76d348fadff5 ("nfsd: have nfsd4_lock use blocking locks for v4.1+ lock")
>> Signed-off-by: Vasily Averin <vvs@xxxxxxxxxxxxx>
>> ---
>> fs/nfsd/nfs4state.c | 2 ++
>> 1 file changed, 2 insertions(+)
>> 
>> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
>> index 369e574c5092..1b2eb6b35d64 100644
>> --- a/fs/nfsd/nfs4state.c
>> +++ b/fs/nfsd/nfs4state.c
>> @@ -266,6 +266,8 @@ find_or_allocate_block(struct nfs4_lockowner *lo, struct knfsd_fh *fh,
>> 	if (!nbl) {
>> 		nbl= kmalloc(sizeof(*nbl), GFP_KERNEL);
>> 		if (nbl) {
>> +			INIT_LIST_HEAD(&nbl->nbl_list);
>> +			INIT_LIST_HEAD(&nbl->nbl_lru);
>> 			fh_copy_shallow(&nbl->nbl_fh, fh);
>> 			locks_init_lock(&nbl->nbl_lock);
>> 			nfsd4_init_cb(&nbl->nbl_cb, lo->lo_owner.so_client,
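Review bot: placing the two INIT_LIST_HEAD() calls directly after the kmalloc() success check is the right spot, because every later failure exit in this function (the conflock allocation the commit message names) can reach list_del_init() on nbl_list and nbl_lru; with the heads self-linked that call only rewrites the node's own pointers, whereas before it wrote through whatever stale prev/next values the recycled kmalloc() memory happened to hold. One style nit while touching these lines: the context line `nbl= kmalloc(sizeof(*nbl), GFP_KERNEL);` is missing the space before `=`. Worth keeping in mind for future changes to this block: any list_head added to the struct later must likewise be initialised before the first possible error path, so the initialisers should stay at the top of the `if (nbl)` body rather than drift below the other setup calls.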
> 
> Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>

--
Chuck Lever
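As an added illustration of the bug class the commit message describes (this is example code, not the kernel's or the patch author's), the program below models find_or_allocate_block() in user space. A recycled allocation keeps the list pointers from its previous use; when the rollback calls list_del_init() on such a node it splices out whatever those stale pointers still reach, silently dropping an element from an unrelated list. With the patch's INIT_LIST_HEAD() calls in place, the same rollback is a harmless self-unlink. The names blocked_lock, slot, prior_life, list_del_stale and run_rollback are assumptions made for the example; the list primitives are minimal re-implementations of the kernel's list.h helpers.

```c
/*
 * Added example (not kernel code): user-space model of the
 * find_or_allocate_block() rollback described in the commit message.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };

/* Minimal re-implementations of the kernel list.h primitives used here. */
static void INIT_LIST_HEAD(struct list_head *l) { l->next = l; l->prev = l; }

static void __list_add(struct list_head *n, struct list_head *prev, struct list_head *next)
{
	next->prev = n; n->next = next; n->prev = prev; prev->next = n;
}
static void list_add(struct list_head *n, struct list_head *head)      { __list_add(n, head, head->next); }
static void list_add_tail(struct list_head *n, struct list_head *head) { __list_add(n, head->prev, head); }

static void __list_del(struct list_head *prev, struct list_head *next) { next->prev = prev; prev->next = next; }

/* Unlink but leave the node's own pointers stale (mimics a freed entry). */
static void list_del_stale(struct list_head *e) { __list_del(e->prev, e->next); }

static void list_del_init(struct list_head *e) { __list_del(e->prev, e->next); INIT_LIST_HEAD(e); }

static size_t list_len(const struct list_head *head)
{
	size_t n = 0;
	for (const struct list_head *p = head->next; p != head; p = p->next)
		n++;
	return n;
}

/* Hypothetical stand-in for struct nfsd4_blocked_lock; only the two heads matter. */
struct blocked_lock {
	struct list_head nbl_list;
	struct list_head nbl_lru;
};

/* One static object plays the role of a slab slot that gets recycled. */
static struct blocked_lock slot;

/*
 * Previous life of the slot: it sat between a and b on `head`, was removed
 * without re-initialisation (stale prev/next remain), and c was inserted
 * after a later on. The list now holds a, c, b.
 */
static void prior_life(struct list_head *head, struct list_head *stale,
		       struct list_head *a, struct list_head *b, struct list_head *c)
{
	INIT_LIST_HEAD(head);
	list_add_tail(a, head);
	list_add_tail(stale, head);
	list_add_tail(b, head);
	list_del_stale(stale);   /* stale->prev == a and stale->next == b survive */
	list_add(c, a);          /* list is now a, c, b */
}

struct rollback_result { size_t list_len, lru_len; };

/*
 * Model of find_or_allocate_block() followed by the conflock-allocation
 * failure rollback. `fixed` selects whether the patch's INIT_LIST_HEAD()
 * calls run. Returns the lengths of the two unrelated lists afterwards;
 * an intact list still has 3 entries, a corrupted one has lost c.
 */
struct rollback_result run_rollback(bool fixed)
{
	struct list_head list_head, lru_head;
	struct list_head la, lb, lc, ra, rb, rc;

	prior_life(&list_head, &slot.nbl_list, &la, &lb, &lc);
	prior_life(&lru_head, &slot.nbl_lru, &ra, &rb, &rc);

	/* "kmalloc" hands back the recycled slot with its stale contents. */
	struct blocked_lock *nbl = &slot;
	if (fixed) {
		INIT_LIST_HEAD(&nbl->nbl_list);
		INIT_LIST_HEAD(&nbl->nbl_lru);
	}

	/* conflock allocation fails: rollback as described in the commit message. */
	list_del_init(&nbl->nbl_lru);
	list_del_init(&nbl->nbl_list);

	return (struct rollback_result){ list_len(&list_head), list_len(&lru_head) };
}

int main(void)
{
	struct rollback_result before = run_rollback(false);
	struct rollback_result after  = run_rollback(true);

	printf("without INIT_LIST_HEAD: list=%zu lru=%zu (expected 3 and 3)\n",
	       before.list_len, before.lru_len);
	printf("with    INIT_LIST_HEAD: list=%zu lru=%zu\n",
	       after.list_len, after.lru_len);
	return (before.list_len == 2 && after.list_len == 3) ? 0 : 1;
}
```

The stale-pointer setup is deliberate rather than random garbage: real kmalloc() memory often comes back with the previous occupant's bytes intact, and that is the case where the corruption is silent (no crash, an element just vanishes from another list) and therefore hardest to spot in testing. The fixed path shows why the patch is sufficient: after INIT_LIST_HEAD() the node's prev and next point at itself, so list_del_init() touches nothing outside the node.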