forked from Minki/linux
Fix null dereference in call_allocate
In call_allocate we need to reach the auth in order to factor au_cslack
into the allocation.
As of a17c2153d2
"SUNRPC: Move the bound
cred to struct rpc_rqst", call_allocate attempts to do this by
dereferencing tk_client->cl_auth, however this is not guaranteed to be
defined--cl_auth can be zero in the case of gss context destruction (see
rpc_free_auth).
Reorder the client state machine to bind credentials before allocating,
so that we can instead reach the auth through the cred.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: stable@kernel.org
This commit is contained in:
parent
49553c2ef8
commit
f2d47d02fd
@ -931,7 +931,7 @@ call_reserveresult(struct rpc_task *task)
|
|||||||
task->tk_status = 0;
|
task->tk_status = 0;
|
||||||
if (status >= 0) {
|
if (status >= 0) {
|
||||||
if (task->tk_rqstp) {
|
if (task->tk_rqstp) {
|
||||||
task->tk_action = call_allocate;
|
task->tk_action = call_refresh;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -972,7 +972,7 @@ call_reserveresult(struct rpc_task *task)
|
|||||||
static void
|
static void
|
||||||
call_allocate(struct rpc_task *task)
|
call_allocate(struct rpc_task *task)
|
||||||
{
|
{
|
||||||
unsigned int slack = task->tk_client->cl_auth->au_cslack;
|
unsigned int slack = task->tk_rqstp->rq_cred->cr_auth->au_cslack;
|
||||||
struct rpc_rqst *req = task->tk_rqstp;
|
struct rpc_rqst *req = task->tk_rqstp;
|
||||||
struct rpc_xprt *xprt = task->tk_xprt;
|
struct rpc_xprt *xprt = task->tk_xprt;
|
||||||
struct rpc_procinfo *proc = task->tk_msg.rpc_proc;
|
struct rpc_procinfo *proc = task->tk_msg.rpc_proc;
|
||||||
@ -980,7 +980,7 @@ call_allocate(struct rpc_task *task)
|
|||||||
dprint_status(task);
|
dprint_status(task);
|
||||||
|
|
||||||
task->tk_status = 0;
|
task->tk_status = 0;
|
||||||
task->tk_action = call_refresh;
|
task->tk_action = call_bind;
|
||||||
|
|
||||||
if (req->rq_buffer)
|
if (req->rq_buffer)
|
||||||
return;
|
return;
|
||||||
@ -1042,7 +1042,7 @@ call_refreshresult(struct rpc_task *task)
|
|||||||
dprint_status(task);
|
dprint_status(task);
|
||||||
|
|
||||||
task->tk_status = 0;
|
task->tk_status = 0;
|
||||||
task->tk_action = call_bind;
|
task->tk_action = call_allocate;
|
||||||
if (status >= 0 && rpcauth_uptodatecred(task))
|
if (status >= 0 && rpcauth_uptodatecred(task))
|
||||||
return;
|
return;
|
||||||
switch (status) {
|
switch (status) {
|
||||||
|
Loading…
Reference in New Issue
Block a user