Re: [Patch] Possible dereference in fs/nfsd/nfs4callback.c

From: Valdis . Kletnieks
Date: Tue Sep 26 2006 - 09:17:52 EST

On Tue, 26 Sep 2006 12:30:59 +0200, Eric Sesterhenn said:

> we set cb->cb_client to NULL and pass it to rpc_shutdown_client() which dereferences it.
> The easy fix below.

> out_clnt:
> - rpc_shutdown_client(cb->cb_client);
> + if (cb->cb_client)
> + rpc_shutdown_client(cb->cb_client);

OK, I admit not knowing the NFS code well, but this one looks suspiciously
like "easy paper-over" rather than "easy fix". Is there other cod elsewhere
that guards this case from ever actually happening? If it *does* happen,
is it indicative of major borkage and we really should do something like:

if (cb->cb_client)
printk(KERN_ERR "Yowza - trashed NFS control structures...");

or even maybe a more drastic action (oops/panic)?

Attachment: pgp00000.pgp
Description: PGP signature