Re: [PATCHv3] sunrpc/auth_gss: NULL pointer deref ingss_pipe_release()

From: Trond Myklebust
Date: Mon Aug 14 2006 - 18:45:29 EST

Next message: Adrian Bunk: "drivers/acpi/sbs.c:acpi_sbs_remove() inconsistent NULL checking"
Previous message: Andrew Morton: "Re: [PATCH] Fix memory leak in vc_resize/vc_allocate"
In reply to: Alex Polvi: "Re: [PATCHv3] sunrpc/auth_gss: NULL pointer deref in gss_pipe_release()"
Next in thread: Alex Polvi: "Re: [PATCHv3] sunrpc/auth_gss: NULL pointer deref in gss_pipe_release()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2006-08-14 at 16:34 -0400, Alex Polvi wrote:
> On 8/14/06, Alex Polvi <polvi@xxxxxxxxxx> wrote:
> > Here is another fix. It is quite silly, but clnt->cl_auth is set to
> > NULL in rpc_destroy_client(), then eventually referenced in
> > gss_release_pipe() via rpc_rmdir(). Simply removing the clnt->cl_auth
> > = NULL from clnt.c fixes the issue. I'm still trying to understand the
> > subsystem, but it seems like rpc_rmdir is being correctly called to
> > clean up because of the weirdness with umount -l and the nfs server
> > being turned on and off. Does that seem correct? Or is this still just
> > covering up some other part of the code being sloppy cleaning up?
>
> Also, I just want to make it clear that I do not think this is the
> proper fix. It is just pointing out that we intentionally set cl_auth
> to NULL, then reference it.

OK. I think I've finally managed to clean up the various interactions
with rpc_pipefs. I've uploaded a series of patches on the NFS client
website. See

http://client.linux-nfs.org/Linux-2.6.x/2.6.18-rc4/

The relevant patches are

linux-2.6.18-006-fix_rpc_unlink.dif:

From: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx>

SUNRPC: make rpc_unlink() take a dentry argument instead of a
path

Signe-off-by: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx>

linux-2.6.18-007-fix_rpc_rmdir.dif:

From: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx>

NFS: clean up rpc_rmdir

Make it take a dentry argument instead of a path

Signed-off-by: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx>

linux-2.6.18-008-fix_rpc_unlink_rmdir_2.dif:

From: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx>

SUNRPC: rpc_unlink() must check for unhashed dentries

A prior call to rpc_depopulate() by rpc_rmdir() on the parent
directory may have already called simple_unlink() on this entry.
Add the same check to rpc_rmdir(). Also remove a redundant call
to rpc_close_pipes() in rpc_rmdir.

Signed-off-by: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx>

linux-2.6.18-009-fix_rpc_unlink_rmdir_3.dif:

From: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx>

SUNRPC: Fix dentry refcounting issues with users of rpc_pipefs

rpc_unlink() and rpc_rmdir() will dput the dentry reference for
you.

Signed-off-by: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx>

----

In addition, there is one patch that is needed in order to fix up a
related issue in the function nfs_alloc_client(), which was introduced
by David Howells' NFS superblock sharing patches.

Cheers,
Trond

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Adrian Bunk: "drivers/acpi/sbs.c:acpi_sbs_remove() inconsistent NULL checking"
Previous message: Andrew Morton: "Re: [PATCH] Fix memory leak in vc_resize/vc_allocate"
In reply to: Alex Polvi: "Re: [PATCHv3] sunrpc/auth_gss: NULL pointer deref in gss_pipe_release()"
Next in thread: Alex Polvi: "Re: [PATCHv3] sunrpc/auth_gss: NULL pointer deref in gss_pipe_release()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]