diff options
author | Jeff Layton <jlayton@redhat.com> | 2013-03-18 10:49:07 -0400 |
---|---|---|
committer | J. Bruce Fields <bfields@redhat.com> | 2013-03-18 14:58:32 -0400 |
commit | a517b608fa3d9b65930ef53ffe4a2f9800e10f7d (patch) | |
tree | 568ca9715795381044455f55ca1c09fca20585fd /fs/nfsd | |
parent | a937536b868b8369b98967929045f1df54234323 (diff) | |
download | op-kernel-dev-a517b608fa3d9b65930ef53ffe4a2f9800e10f7d.zip op-kernel-dev-a517b608fa3d9b65930ef53ffe4a2f9800e10f7d.tar.gz |
nfsd: only unhash DRC entries that are in the hashtable
It's not safe to call hlist_del() on a newly initialized hlist_node.
That leads to a NULL pointer dereference. Only do that if the entry
is hashed.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/nfsd')
-rw-r--r-- | fs/nfsd/nfscache.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c index 62c1ee1..18509bd 100644 --- a/fs/nfsd/nfscache.c +++ b/fs/nfsd/nfscache.c @@ -102,7 +102,8 @@ nfsd_reply_cache_free_locked(struct svc_cacherep *rp) { if (rp->c_type == RC_REPLBUFF) kfree(rp->c_replvec.iov_base); - hlist_del(&rp->c_hash); + if (!hlist_unhashed(&rp->c_hash)) + hlist_del(&rp->c_hash); list_del(&rp->c_lru); --num_drc_entries; kmem_cache_free(drc_slab, rp); |