From: Trond Myklebust <trond.myklebust@primarydata.com>
Date: Wed, 26 Mar 2014 20:24:37 +0000 (-0700)
Subject: NFSv4: Fix a use-after-free problem in open()
X-Git-Tag: v3.15-rc1~66^2~1
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e911b8158ee1def8153849b1641b736026b036e0;p=pandora-kernel.git

NFSv4: Fix a use-after-free problem in open()

If we interrupt the nfs4_wait_for_completion_rpc_task() call in
nfs4_run_open_task(), then we don't prevent the RPC call from
completing. So freeing up the opendata->f_attr.mdsthreshold
in the error path in _nfs4_do_open() leads to a use-after-free
when the XDR decoder tries to decode the mdsthreshold information
from the server.

Fixes: 82be417aa37c0 (NFSv4.1 cache mdsthreshold values on OPEN)
Tested-by: Steve Dickson <SteveD@redhat.com>
Cc: stable@vger.kernel.org # 3.5+
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
---

Reading git-diff-tree failed