[PATCH] Fix a free-wrong-pointer bug in nfs/acl server.
authorGreg Banks <gnb@sgi.com>
Mon, 19 Feb 2007 23:12:34 +0000 (10:12 +1100)
committerLinus Torvalds <torvalds@woody.linux-foundation.org>
Tue, 20 Feb 2007 00:13:28 +0000 (16:13 -0800)
Due to type confusion, when an nfsacl verison 2 'ACCESS' request
finishes and tries to clean up, it calls fh_put on entiredly the
wrong thing and this can cause an oops.

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/nfsd/nfs2acl.c

index edde5dc5f796687c84d7ae2dec0140e3e9a453ad..b6174288501112f4cef17b0d4349e88832da551a 100644 (file)
@@ -287,13 +287,20 @@ static int nfsaclsvc_release_getacl(struct svc_rqst *rqstp, __be32 *p,
        return 1;
 }
 
-static int nfsaclsvc_release_fhandle(struct svc_rqst *rqstp, __be32 *p,
-               struct nfsd_fhandle *resp)
+static int nfsaclsvc_release_attrstat(struct svc_rqst *rqstp, __be32 *p,
+               struct nfsd_attrstat *resp)
 {
        fh_put(&resp->fh);
        return 1;
 }
 
+static int nfsaclsvc_release_access(struct svc_rqst *rqstp, __be32 *p,
+               struct nfsd3_accessres *resp)
+{
+       fh_put(&resp->fh);
+       return 1;
+}
+
 #define nfsaclsvc_decode_voidargs      NULL
 #define nfsaclsvc_encode_voidres       NULL
 #define nfsaclsvc_release_void         NULL
@@ -322,9 +329,9 @@ struct nfsd3_voidargs { int dummy; };
 static struct svc_procedure            nfsd_acl_procedures2[] = {
   PROC(null,   void,           void,           void,     RC_NOCACHE, ST),
   PROC(getacl, getacl,         getacl,         getacl,   RC_NOCACHE, ST+1+2*(1+ACL)),
-  PROC(setacl, setacl,         attrstat,       fhandle,  RC_NOCACHE, ST+AT),
-  PROC(getattr, fhandle,       attrstat,       fhandle,  RC_NOCACHE, ST+AT),
-  PROC(access, access,         access,         fhandle,  RC_NOCACHE, ST+AT+1),
+  PROC(setacl, setacl,         attrstat,       attrstat, RC_NOCACHE, ST+AT),
+  PROC(getattr, fhandle,       attrstat,       attrstat, RC_NOCACHE, ST+AT),
+  PROC(access, access,         access,         access,   RC_NOCACHE, ST+AT+1),
 };
 
 struct svc_version     nfsd_acl_version2 = {