diff options
| author | Dai Ngo <dai.ngo@oracle.com> | 2020-10-29 15:07:15 -0400 |
|---|---|---|
| committer | J. Bruce Fields <bfields@redhat.com> | 2020-11-05 17:25:14 -0500 |
| commit | 36e1e5ba90fb3fba6888fae26e4dfc28bf70aaf1 (patch) | |
| tree | 3de12eb89f087b9bf73330405a04823f676cb94e /fs | |
| parent | 66d60e3ad1e44d42d940767f62bf265f107fb628 (diff) | |
NFSD: Fix use-after-free warning when doing inter-server copy
The source file nfsd_file is not constructed the same as other
nfsd_file's via nfsd_file_alloc. nfsd_file_put should not be
called to free the object; nfsd_file_put is not the inverse of
kzalloc, instead kfree is called by nfsd4_do_async_copy when done.
Fixes: ce0887ac96d3 ("NFSD add nfs4 inter ssc to nfsd4_copy")
Signed-off-by: Dai Ngo <dai.ngo@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/nfsd/nfs4proc.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index ad2fa1a8e7ad..9c43cad7e408 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -1299,7 +1299,7 @@ nfsd4_cleanup_inter_ssc(struct vfsmount *ss_mnt, struct nfsd_file *src, struct nfsd_file *dst) { nfs42_ssc_close(src->nf_file); - nfsd_file_put(src); + /* 'src' is freed by nfsd4_do_async_copy */ nfsd_file_put(dst); mntput(ss_mnt); } |