git.openpandora.org / pandora-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8a1f006)
NFSv4: Fix memory corruption in nfs4_proc_open_confirm
authorTrond Myklebust <trond.myklebust@primarydata.com>
Sat, 1 Feb 2014 19:53:23 +0000 (14:53 -0500)
committerTrond Myklebust <trond.myklebust@primarydata.com>
Sat, 1 Feb 2014 20:13:39 +0000 (15:13 -0500)
nfs41_wake_and_assign_slot() relies on the task->tk_msg.rpc_argp and
task->tk_msg.rpc_resp always pointing to the session sequence arguments.

nfs4_proc_open_confirm tries to pull a fast one by reusing the open
sequence structure, thus causing corruption of the NFSv4 slot table.

Cc: stable@vger.kernel.org # 3.12+
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
fs/nfs/nfs4proc.c patch | blob | history
include/linux/nfs_xdr.h patch | blob | history

diff --cc fs/nfs/nfs4proc.c
Simple merge
diff --cc include/linux/nfs_xdr.h
Simple merge
Pandora Kernel Repository