diff options
author | Dan Carpenter <dan.carpenter@oracle.com> | 2012-03-13 20:18:48 +0300 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2012-03-13 15:33:08 -0400 |
commit | e138ead73f872559778bb0c326e795206f96d3ce (patch) | |
tree | e134947deaeae4e347297440a6fd6ebe7fefcc97 /fs/nfs | |
parent | 9a3ba432330e504ac61ff0043dbdaba7cea0e35a (diff) | |
download | op-kernel-dev-e138ead73f872559778bb0c326e795206f96d3ce.zip op-kernel-dev-e138ead73f872559778bb0c326e795206f96d3ce.tar.gz |
NFS: null dereference in dev_remove()
In commit 5ffaf85541 "NFS: replace global bl_wq with per-net one" we
made "msg" a pointer instead of a struct stored in stack memory. But we
forgot to change the memset() here so we're still clearing stack memory
instead clearing the struct like we intended. It will lead to a kernel
crash.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'fs/nfs')
-rw-r--r-- | fs/nfs/blocklayout/blocklayoutdm.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/nfs/blocklayout/blocklayoutdm.c b/fs/nfs/blocklayout/blocklayoutdm.c index 30fc22a..737d839 100644 --- a/fs/nfs/blocklayout/blocklayoutdm.c +++ b/fs/nfs/blocklayout/blocklayoutdm.c @@ -54,7 +54,7 @@ static void dev_remove(struct net *net, dev_t dev) dprintk("Entering %s\n", __func__); bl_pipe_msg.bl_wq = &nn->bl_wq; - memset(&msg, 0, sizeof(*msg)); + memset(msg, 0, sizeof(*msg)); msg->data = kzalloc(1 + sizeof(bl_umount_request), GFP_NOFS); if (!msg->data) goto out; |