Commit abad2fa5 authored by Weston Andros Adamson's avatar Weston Andros Adamson Committed by Trond Myklebust

nfs4: fix discover_server_trunking use after free

If clp is new (cl_count = 1) and it matches another client in
nfs4_discover_server_trunking, the nfs_put_client will free clp before
->cl_preserve_clid is set.

Cc: stable@vger.kernel.org # 3.7+
Signed-off-by: default avatarWeston Andros Adamson <dros@primarydata.com>
Signed-off-by: default avatarTrond Myklebust <trond.myklebust@primarydata.com>
parent 64590daa
...@@ -414,13 +414,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp, ...@@ -414,13 +414,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp,
error = nfs4_discover_server_trunking(clp, &old); error = nfs4_discover_server_trunking(clp, &old);
if (error < 0) if (error < 0)
goto error; goto error;
nfs_put_client(clp);
if (clp != old) {
clp->cl_preserve_clid = true;
clp = old;
}
return clp; if (clp != old)
clp->cl_preserve_clid = true;
nfs_put_client(clp);
return old;
error: error:
nfs_mark_client_ready(clp, error); nfs_mark_client_ready(clp, error);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment