From: Greg Banks
Date: Tue, 31 Mar 2009 20:28:15 +0000 (+1100)
Subject: knfsd: fix reply cache memory corruption
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=cf0a586cf41a1779edeee7562afb5d0ab46c7cf4;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git

knfsd: fix reply cache memory corruption

Fix a regression in the reply cache introduced when the code was converted to use proper Linux lists. When a new entry needs to be inserted, the case where all the entries are currently being used by threads is not correctly detected. This can result in memory corruption and a crash.

In the current code this is an extremely unlikely corner case; it would require the machine to have 1024 nfsd threads and all of them to be busy at the same time. However, upcoming reply cache changes make this more likely; a crash due to this problem was actually observed in field.

Signed-off-by: Greg Banks
Signed-off-by: J. Bruce Fields
---
diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c index 6f0aa4989c61..4638635c5d87 100644 --- a/fs/nfsd/nfscache.c +++ b/fs/nfsd/nfscache.c @@ -174,8 +174,8 @@ nfsd_cache_lookup(struct svc_rqst *rqstp, int type) } } - /* This should not happen */ - if (rp == NULL) { + /* All entries on the LRU are in-progress. This should not happen */ + if (&rp->c_lru == &lru_head) { static int complaints; printk(KERN_WARNING "nfsd: all repcache entries locked!\n");
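Review bot: The new condition `if (&rp->c_lru == &lru_head)` in nfsd_cache_lookup() relies on the list walk above the hunk leaving `rp` pointing at the container of the list head when it runs off the end, and the updated comment does not say so. At that point `rp` is not a real cache entry, so nothing inside this block may read or write its fields; a short comment to that effect, or a separate result pointer that stays NULL until a usable entry is found, would make the check as easy to read as the old `rp == NULL` was meant to be and harder to break in a later refactor. The retained wording "This should not happen" also sits oddly next to the commit message, which says the case was observed in field and will become more likely with upcoming changes; describing the condition (every entry is in use by an nfsd thread) without implying it cannot occur would be more accurate.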