From: Dai Ngo
To: bfields@fieldses.org
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH 2/2] NFSD: fix missing refcount in nfsd4_copy by nfsd4_do_async_copy
Date: Thu, 29 Oct 2020 15:07:16 -0400
Message-Id: <20201029190716.70481-3-dai.ngo@oracle.com>
In-Reply-To: <20201029190716.70481-1-dai.ngo@oracle.com>
X-Mailing-List: linux-nfs@vger.kernel.org

Need to initialize nfsd4_copy's refcount to 1 to avoid use-after-free
warning when nfs4_put_copy is called from nfsd4_cb_offload_release.

Fixes: ce0887ac96d3 ("NFSD add nfs4 inter ssc to nfsd4_copy")
Signed-off-by: Dai Ngo
---
 fs/nfsd/nfs4proc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 9c43cad7e408..e83b21778816 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -1486,6 +1486,7 @@ static int nfsd4_do_async_copy(void *data) cb_copy = kzalloc(sizeof(struct nfsd4_copy), GFP_KERNEL); if (!cb_copy) goto out; + refcount_set(&cb_copy->refcount, 1); memcpy(&cb_copy->cp_res, ©->cp_res, sizeof(copy->cp_res)); cb_copy->cp_clp = copy->cp_clp; cb_copy->nfserr = copy->nfserr; -- 2.20.1.1226.g1595ea5.dirty
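
Review bot: the added refcount_set(&cb_copy->refcount, 1) in nfsd4_do_async_copy carries no comment saying which put consumes this reference. cb_copy comes from kzalloc, so its counter starts at 0, and the commit message names nfs4_put_copy called from nfsd4_cb_offload_release as the release path; a one-line comment above the refcount_set stating that pairing would keep the ownership clear for later readers. The commit message could also say explicitly that the counter was left at zero by kzalloc, since "use-after-free warning" alone does not tell the reader whether the object was actually freed early or the put on a zero counter only tripped the refcount check.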