[patch] NFS: null dereference in dev

Linux NFS development
 help / color / mirror / Atom feed

* [patch] NFS: null dereference in dev_remove()
@ 2012-03-13 17:18 Dan Carpenter
  2012-03-13 17:25 ` Stanislav Kinsbursky
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2012-03-13 17:18 UTC (permalink / raw)
  To: Trond Myklebust
  Cc: Stanislav Kinsbursky, Benny Halevy, Weston Andros Adamson,
	Peng Tao, linux-nfs, kernel-janitors

In commit 5ffaf85541 "NFS: replace global bl_wq with per-net one" we
made "msg" a pointer instead of a struct stored in stack memory.  But we
forgot to change the memset() here so we're still clearing stack memory
instead clearing the struct like we intended.  It will lead to a kernel
crash.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/fs/nfs/blocklayout/blocklayoutdm.c b/fs/nfs/blocklayout/blocklayoutdm.c
index 30fc22a..737d839 100644
--- a/fs/nfs/blocklayout/blocklayoutdm.c
+++ b/fs/nfs/blocklayout/blocklayoutdm.c
@@ -54,7 +54,7 @@ static void dev_remove(struct net *net, dev_t dev)
 	dprintk("Entering %s\n", __func__);
 
 	bl_pipe_msg.bl_wq = &nn->bl_wq;
-	memset(&msg, 0, sizeof(*msg));
+	memset(msg, 0, sizeof(*msg));
 	msg->data = kzalloc(1 + sizeof(bl_umount_request), GFP_NOFS);
 	if (!msg->data)
 		goto out;

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [patch] NFS: null dereference in dev_remove()
  2012-03-13 17:18 [patch] NFS: null dereference in dev_remove() Dan Carpenter
@ 2012-03-13 17:25 ` Stanislav Kinsbursky
  0 siblings, 0 replies; 2+ messages in thread
From: Stanislav Kinsbursky @ 2012-03-13 17:25 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Trond Myklebust, Benny Halevy, Weston Andros Adamson, Peng Tao,
	linux-nfs@vger.kernel.org, kernel-janitors@vger.kernel.org

13.03.2012 21:18, Dan Carpenter пишет:
> In commit 5ffaf85541 "NFS: replace global bl_wq with per-net one" we
> made "msg" a pointer instead of a struct stored in stack memory.  But we
> forgot to change the memset() here so we're still clearing stack memory
> instead clearing the struct like we intended.  It will lead to a kernel
> crash.
>
> Signed-off-by: Dan Carpenter<dan.carpenter@oracle.com>
>
> diff --git a/fs/nfs/blocklayout/blocklayoutdm.c b/fs/nfs/blocklayout/blocklayoutdm.c
> index 30fc22a..737d839 100644
> --- a/fs/nfs/blocklayout/blocklayoutdm.c
> +++ b/fs/nfs/blocklayout/blocklayoutdm.c
> @@ -54,7 +54,7 @@ static void dev_remove(struct net *net, dev_t dev)
>   	dprintk("Entering %s\n", __func__);
>
>   	bl_pipe_msg.bl_wq =&nn->bl_wq;
> -	memset(&msg, 0, sizeof(*msg));
> +	memset(msg, 0, sizeof(*msg));
>   	msg->data = kzalloc(1 + sizeof(bl_umount_request), GFP_NOFS);
>   	if (!msg->data)
>   		goto out;

Thanks, Dan!

-- 
Best regards,
Stanislav Kinsbursky

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2012-03-13 17:26 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-03-13 17:18 [patch] NFS: null dereference in dev_remove() Dan Carpenter
2012-03-13 17:25 ` Stanislav Kinsbursky

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox