NFSD: Avoid corruption of a referring call list
authorChuck Lever <chuck.lever@oracle.com>
Sun, 8 Jun 2025 22:08:51 +0000 (18:08 -0400)
committerChuck Lever <chuck.lever@oracle.com>
Fri, 13 Jun 2025 00:37:32 +0000 (20:37 -0400)
The new code neglects to remove a freshly-allocated RCL from the
callback's referring call list when no matching referring call is
found.

Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/r/202505171002.cE46sdj5-lkp@intel.com/
Fixes: 4f3c8d8c9e10 ("NFSD: Implement CB_SEQUENCE referring call lists")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
fs/nfsd/nfs4callback.c

index ccb00aa93be01961fb182eb05470a7bd8e642256..e00b2aea8da2b93f366d88888f404734953f1942 100644 (file)
@@ -1409,6 +1409,7 @@ void nfsd41_cb_referring_call(struct nfsd4_callback *cb,
 out:
        if (!rcl->__nr_referring_calls) {
                cb->cb_nr_referring_call_list--;
+               list_del(&rcl->__list);
                kfree(rcl);
        }
 }
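Review bot: The `out:` cleanup in nfsd41_cb_referring_call() carries no comment saying that the unlink must come before the free, which is the invariant this fix restores. Without `list_del(&rcl->__list)` the freed rcl stays linked on the callback's referring call list, so a later walk of that list would presumably touch freed memory. I would add `/* Unlink before kfree(): a freed rcl left on cb's list is a use-after-free on the next traversal. */` above the `list_del()` line. The function body starts outside the hunk, so it cannot be confirmed from here that an rcl reaching `out:` with a zero count is always the freshly-allocated one already added to the list; that assumption is worth stating in the comment too.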