mirror of
https://github.com/torvalds/linux.git
synced 2024-11-22 20:22:09 +00:00
1c327d962f
In nlmsvc_retry_blocked, the check that the list is non-empty and acquiring
the pointer of the first entry is unprotected by any lock. This allows a rare
race condition when there is only one entry on the list. A function such as
nlmsvc_grant_callback() can be called, which will temporarily remove the entry
from the list. Between the list_empty() and list_entry(),the list may become
empty, causing an invalid pointer to be used as an nlm_block, leading to a
possible crash.
This patch adds the nlm_block_lock around these calls to prevent concurrent
use of the nlm_blocked list.
This was a regression introduced by
|
||
|---|---|---|
| .. | ||
| clnt4xdr.c | ||
| clntlock.c | ||
| clntproc.c | ||
| clntxdr.c | ||
| grace.c | ||
| host.c | ||
| Makefile | ||
| mon.c | ||
| netns.h | ||
| svc4proc.c | ||
| svc.c | ||
| svclock.c | ||
| svcproc.c | ||
| svcshare.c | ||
| svcsubs.c | ||
| xdr4.c | ||
| xdr.c | ||