• NeilBrown's avatar
    sunrpc: don't mark uninitialised items as VALID. · d58431ea
    NeilBrown authored
    A recent commit added a call to cache_fresh_locked()
    when an expired item was found.
    The call sets the CACHE_VALID flag, so it is important
    that the item actually is valid.
    There are two ways it could be valid:
    1/ If ->update has been called to fill in relevant content
    2/ if CACHE_NEGATIVE is set, to say that content doesn't exist.
    
    An expired item that is waiting for an update will be neither.
    Setting CACHE_VALID will mean that a subsequent call to cache_put()
    will be likely to dereference uninitialised pointers.
    
    So we must make sure the item is valid, and we already have code to do
    that in try_to_negate_entry().  This takes the hash lock and so cannot
    be used directly, so take out the two lines that we need and use them.
    
    Now cache_fresh_locked() is certain to be called only on
    a valid item.
    
    Cc: stable@kernel.org # 2.6.35
    Fixes: 4ecd55ea ("sunrpc: fix cache_head leak due to queued request")
    Signed-off-by: default avatarNeilBrown <neilb@suse.com>
    Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
    d58431ea
cache.c 45.4 KB