From: Kinglong Mee <kinglongmee@gmail.com>
Date: Mon, 7 Jul 2014 14:10:56 +0000 (+0800)
Subject: NFSD: Fix crash encoding lock reply on 32-bit
X-Git-Tag: omap-for-v3.17/fixes-against-rc2~235^2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f98bac5a30b60a2fca854dd5ee7256221d8ccf0a;p=pandora-kernel.git

NFSD: Fix crash encoding lock reply on 32-bit

Commit 8c7424cff6 "nfsd4: don't try to encode conflicting owner if low
on space" forgot to free conf->data in nfsd4_encode_lockt and before
sign conf->data to NULL in nfsd4_encode_lock_denied, causing a leak.

Worse, kfree() can be called on an uninitialized pointer in the case of
a succesful lock (or one that fails for a reason other than a conflict).

(Note that lock->lk_denied.ld_owner.data appears it should be zero here,
until you notice that it's one arm of a union the other arm of which is
written to in the succesful case by the

	memcpy(&lock->lk_resp_stateid, &lock_stp->st_stid.sc_stateid,
	                                sizeof(stateid_t));

in nfsd4_lock().  In the 32-bit case this overwrites ld_owner.data.)

Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Fixes: 8c7424cff6 ""nfsd4: don't try to encode conflicting owner if low on space"
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
---

Reading git-diff-tree failed