shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-04-17 19:12:35 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
b09577ca6680033a4315e2f5cb3a95ebbb8dea79
linux/net
History
J. Bruce Fields b09577ca66 svcrpc: fix double-free on shutdown of nfsd after changing pool mode 
commit 61c8504c42 upstream.

The pool_to and to_pool fields of the global svc_pool_map are freed on
shutdown, but are initialized in nfsd startup only in the
SVC_POOL_PERCPU and SVC_POOL_PERNODE cases.

They *are* initialized to zero on kernel startup.  So as long as you use
only SVC_POOL_GLOBAL (the default), this will never be a problem.

You're also OK if you only ever use SVC_POOL_PERCPU or SVC_POOL_PERNODE.

However, the following sequence events leads to a double-free:

	1. set SVC_POOL_PERCPU or SVC_POOL_PERNODE
	2. start nfsd: both fields are initialized.
	3. shutdown nfsd: both fields are freed.
	4. set SVC_POOL_GLOBAL
	5. start nfsd: the fields are left untouched.
	6. shutdown nfsd: now we try to free them again.

Step 4 is actually unnecessary, since (for some bizarre reason), nfsd
automatically resets the pool mode to SVC_POOL_GLOBAL on shutdown.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2012-01-25 17:24:47 -08:00
..
9p
net/9p: Fix kernel crash with msize 512K
2011-10-03 11:40:22 -07:00
802
snap: remove one synchronize_net()
2011-05-23 16:29:24 -04:00
8021q
vlan: reset headers on accel emulation path
2011-10-03 11:40:55 -07:00
appletalk
appletalk: Fix OOPS in atalk_release().
2011-03-31 18:59:10 -07:00
atm
atm: br2684: Fix oops due to skb->dev being NULL
2011-10-03 11:39:57 -07:00
ax25
ax25: Fix set-but-unused variable.
2011-04-17 00:48:31 -07:00
batman-adv
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
2011-05-20 13:43:21 -07:00
bluetooth
Bluetooth: Fix timeout on scanning for the second time
2011-10-03 11:41:01 -07:00
bridge
bridge: leave carrier on for empty bridge
2011-11-11 09:36:49 -08:00
caif
caif: Fix BUG() with network namespaces
2011-11-11 09:35:47 -08:00
can
can bcm: fix incomplete tx_setup fix
2011-11-11 09:36:45 -08:00
ceph
ceph: fix file mode calculation
2011-07-19 11:25:04 -07:00
core
net: Handle different key sizes between address families in flow cache
2011-11-11 09:37:17 -08:00
dcb
net: dcbnl: Update copyright dates
2011-03-14 17:02:42 -07:00
dccp
net: Compute protocol sequence numbers and fragment IDs using MD5.
2011-08-15 18:31:35 -07:00
decnet
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
2011-05-20 13:43:21 -07:00
dns_resolver
KEYS: Improve /proc/keys
2011-03-17 11:59:32 +11:00
dsa
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2011-05-05 14:59:02 -07:00
econet
econet: Fix set-but-unused variable.
2011-04-17 00:15:22 -07:00
ethernet
net: add IFF_SKB_TX_SHARED flag to priv_flags
2011-08-15 18:31:38 -07:00
ieee802154
ieee802154: Don't leak memory in ieee802154_nl_fill_phy
2011-06-13 18:03:22 -04:00
ipv4
igmp: Avoid zero delay when receiving odd mixture of IGMP queries
2012-01-12 11:35:41 -08:00
ipv6
ipip, sit: copy parms.name after register_netdevice
2012-01-06 14:13:45 -08:00
ipx
ipx: fix ipx_release()
2011-03-21 18:16:39 -07:00
irda
irda: iriap: Use seperate lockdep class for irias_objects->hb_spinlock
2011-06-06 17:00:35 -07:00
iucv
[S390] irq: merge irq.c and s390_ext.c
2011-05-26 09:48:24 +02:00
key
net: convert %p usage to %pK
2011-05-24 01:13:12 -04:00
l2tp
l2tp: fix a potential skb leak in l2tp_xmit_skb()
2011-11-11 09:36:26 -08:00
lapb
Net: lapb: Makefile: Remove deprecated kbuild goal definitions
2010-11-22 08:16:14 -08:00
llc
llc: llc_cmsg_rcv was getting called after sk_eat_skb.
2012-01-06 14:14:06 -08:00
mac80211
mac80211: fix rx->key NULL pointer dereference in promiscuous mode
2012-01-25 17:24:43 -08:00
netfilter
IPVS: Free resources on module removal
2011-08-15 18:31:37 -07:00
netlabel
Remove prefetch() from <linux/skbuff.h> and "netlabel_addrlist.h"
2011-05-22 21:43:41 -07:00
netlink
net: convert %p usage to %pK
2011-05-24 01:13:12 -04:00
netrom
NET: AX.25, NETROM, ROSE: Remove SOCK_DEBUG calls
2011-04-14 00:20:07 -07:00
packet
make PACKET_STATISTICS getsockopt report consistently between ring and non-ring
2011-11-11 09:36:29 -08:00
phonet
net: convert %p usage to %pK
2011-05-24 01:13:12 -04:00
rds
RDMA/cma: Pass QP type into rdma_create_id()
2011-05-25 13:46:23 -07:00
rfkill
net: rfkill: add generic gpio rfkill driver
2011-05-19 13:53:54 -04:00
rose
NET: AX.25, NETROM, ROSE: Remove SOCK_DEBUG calls
2011-04-14 00:20:07 -07:00
rxrpc
rxrpc: Fix set but unused variable 'usage' in rxrpc_get_transport()
2011-05-19 18:51:50 -04:00
sched
sch_gred: should not use GFP_KERNEL while holding a spinlock
2012-01-06 14:14:08 -08:00
sctp
sctp: Do not account for sizeof(struct sk_buff) in estimated rwnd
2012-01-06 14:14:09 -08:00
sunrpc
svcrpc: fix double-free on shutdown of nfsd after changing pool mode
2012-01-25 17:24:47 -08:00
tipc
tipc: Revise timings used when sending link request messages
2011-05-10 16:04:02 -04:00
unix
net: convert %p usage to %pK
2011-05-24 01:13:12 -04:00
wanrouter
Fix common misspellings
2011-03-31 11:26:23 -03:00
wimax
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
2010-05-20 21:04:44 -07:00
wireless
cfg80211: amend regulatory NULL dereference fix
2011-12-09 08:52:45 -08:00
x25
x25: Prevent skb overreads when checking call user data
2011-10-25 07:10:17 +02:00
xfrm
xfrm: Perform a replay check after return from async codepaths
2011-10-03 11:40:55 -07:00
compat.c
net: Add sendmmsg socket system call
2011-05-05 11:10:14 -07:00
Kconfig
bpf: depends on MODULES
2011-04-29 10:20:53 -07:00
Makefile
net: Enter net/ipv6/ even if CONFIG_IPV6=n
2011-03-07 12:50:52 -08:00
nonet.c
llseek: automatically add .llseek fop
2010-10-15 15:53:27 +02:00
socket.c
sendmmsg/sendmsg: fix unsafe user pointer access
2011-10-03 11:39:54 -07:00
sysctl_net.c
net: Remove unnecessary returns from void function()s
2010-05-17 23:23:14 -07:00
TUNABLE