]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7cc5b0e) | patch
NFSv4: Fix memory corruption in nfs4_proc_open_confirm
authorTrond Myklebust <trond.myklebust@primarydata.com>
Sat, 1 Feb 2014 19:53:23 +0000 (14:53 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 20 Feb 2014 19:10:07 +0000 (11:10 -0800)
commit8b44deea7961078f654da44f89583138f85c978c
tree5e68b3b54ab9584a27094ac554547fc1ecf3114ctree
parent7cc5b0ecaa9dbb3df6db4af7c8dfbdaf294cf72acommit | diff
NFSv4: Fix memory corruption in nfs4_proc_open_confirm

commit 17ead6c85c3d0ef57a14d1373f1f1cee2ce60ea8 upstream.

nfs41_wake_and_assign_slot() relies on the task->tk_msg.rpc_argp and
task->tk_msg.rpc_resp always pointing to the session sequence arguments.

nfs4_proc_open_confirm tries to pull a fast one by reusing the open
sequence structure, thus causing corruption of the NFSv4 slot table.

Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/nfs/nfs4proc.c diff | blob | blame | history
include/linux/nfs_xdr.h diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git