projects / linux-2.6-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8a1f006) | patch
NFSv4: Fix memory corruption in nfs4_proc_open_confirm
authorTrond Myklebust <trond.myklebust@primarydata.com>
Sat, 1 Feb 2014 19:53:23 +0000 (14:53 -0500)
committerTrond Myklebust <trond.myklebust@primarydata.com>
Sat, 1 Feb 2014 20:13:39 +0000 (15:13 -0500)
commit17ead6c85c3d0ef57a14d1373f1f1cee2ce60ea8
tree36fc04d5578037acf69efda944b4e8dd2ff5a0dftree | snapshot
parent8a1f006ad302ea178aefb1f8c67e679c696289e9commit | diff
NFSv4: Fix memory corruption in nfs4_proc_open_confirm

nfs41_wake_and_assign_slot() relies on the task->tk_msg.rpc_argp and
task->tk_msg.rpc_resp always pointing to the session sequence arguments.

nfs4_proc_open_confirm tries to pull a fast one by reusing the open
sequence structure, thus causing corruption of the NFSv4 slot table.

Cc: stable@vger.kernel.org # 3.12+
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
fs/nfs/nfs4proc.c diff | blob | blame | history
include/linux/nfs_xdr.h diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)