提交 f2d47d02 编写于 作者: J J. Bruce Fields 提交者: Trond Myklebust

Fix null dereference in call_allocate

In call_allocate we need to reach the auth in order to factor au_cslack
into the allocation.

As of a17c2153 "SUNRPC: Move the bound
cred to struct rpc_rqst", call_allocate attempts to do this by
dereferencing tk_client->cl_auth, however this is not guaranteed to be
defined--cl_auth can be zero in the case of gss context destruction (see
rpc_free_auth).

Reorder the client state machine to bind credentials before allocating,
so that we can instead reach the auth through the cred.
Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
Cc: stable@kernel.org
上级 49553c2e
......@@ -931,7 +931,7 @@ call_reserveresult(struct rpc_task *task)
task->tk_status = 0;
if (status >= 0) {
if (task->tk_rqstp) {
task->tk_action = call_allocate;
task->tk_action = call_refresh;
return;
}
......@@ -972,7 +972,7 @@ call_reserveresult(struct rpc_task *task)
static void
call_allocate(struct rpc_task *task)
{
unsigned int slack = task->tk_client->cl_auth->au_cslack;
unsigned int slack = task->tk_rqstp->rq_cred->cr_auth->au_cslack;
struct rpc_rqst *req = task->tk_rqstp;
struct rpc_xprt *xprt = task->tk_xprt;
struct rpc_procinfo *proc = task->tk_msg.rpc_proc;
......@@ -980,7 +980,7 @@ call_allocate(struct rpc_task *task)
dprint_status(task);
task->tk_status = 0;
task->tk_action = call_refresh;
task->tk_action = call_bind;
if (req->rq_buffer)
return;
......@@ -1042,7 +1042,7 @@ call_refreshresult(struct rpc_task *task)
dprint_status(task);
task->tk_status = 0;
task->tk_action = call_bind;
task->tk_action = call_allocate;
if (status >= 0 && rpcauth_uptodatecred(task))
return;
switch (status) {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册