nfs4: fix discover_server_trunking use after free

If clp is new (cl_count = 1) and it matches another client in nfs4_discover_server_trunking, the nfs_put_client will free clp before ->cl_preserve_clid is set. Cc: stable@vger.kernel.org # 3.7+ Signed-off-by: Weston Andros Adamson <dros@primarydata.com> Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
author: Weston Andros Adamson <dros@primarydata.com> 2014-01-19 22:45:36 -0500
committer: Trond Myklebust <trond.myklebust@primarydata.com> 2014-01-20 16:08:06 -0700
commit: abad2fa5ba67725a3f9c376c8cfe76fbe94a3041 (patch)
tree: 22bfdee1c9f9a7cc5b11ca9398b28fc10e73ca0d /fs/nfs
parent: 64590daa9e0dfb3aad89e3ab9230683b76211d5b (diff)
download: linux-abad2fa5ba67725a3f9c376c8cfe76fbe94a3041.tar.gz
1 files changed, 4 insertions, 6 deletions
diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c
index 06e770ace073..73d4ecda1e36 100644
--- a/fs/nfs/nfs4client.c
+++ b/fs/nfs/nfs4client.c
@@ -414,13 +414,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp,
 	error = nfs4_discover_server_trunking(clp, &old);
 	if (error < 0)
 		goto error;
-	nfs_put_client(clp);
-	if (clp != old) {
-		clp->cl_preserve_clid = true;
-		clp = old;
-	}
 
-	return clp;
+	if (clp != old)
+		clp->cl_preserve_clid = true;
+	nfs_put_client(clp);
+	return old;
 
 error:
 	nfs_mark_client_ready(clp, error);
author	Weston Andros Adamson <dros@primarydata.com>	2014-01-19 22:45:36 -0500
committer	Trond Myklebust <trond.myklebust@primarydata.com>	2014-01-20 16:08:06 -0700
commit	abad2fa5ba67725a3f9c376c8cfe76fbe94a3041 (patch)
tree	22bfdee1c9f9a7cc5b11ca9398b28fc10e73ca0d /fs/nfs
parent	64590daa9e0dfb3aad89e3ab9230683b76211d5b (diff)
download	linux-abad2fa5ba67725a3f9c376c8cfe76fbe94a3041.tar.gz