| From 719dd3fd4544a0f7c664c43727f1b10edff7c470 Mon Sep 17 00:00:00 2001 |
| From: Ben Greear <greearb@candelatech.com> |
| Date: Tue, 12 Jul 2011 10:27:55 -0700 |
| Subject: [PATCH] SUNRPC: Fix use of static variable in rpcb_getport_async |
| |
| commit ec0dd267bf7d08cb30e321e45a75fd40edd7e528 upstream. |
| |
| Because struct rpcbind_args *map was declared static, if two |
| threads entered this method at the same time, the values |
| assigned to map could be sent to two different tasks. |
| This could cause all sorts of problems, including use-after-free |
| and double-free of memory. |
| |
| Fix this by removing the static declaration so that the map |
| pointer is on the stack. |
| |
| Signed-off-by: Ben Greear <greearb@candelatech.com> |
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| --- |
| net/sunrpc/rpcb_clnt.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c |
| index 1211053..ab39ae2 100644 |
| --- a/net/sunrpc/rpcb_clnt.c |
| +++ b/net/sunrpc/rpcb_clnt.c |
| @@ -580,7 +580,7 @@ void rpcb_getport_async(struct rpc_task *task) |
| u32 bind_version; |
| struct rpc_xprt *xprt; |
| struct rpc_clnt *rpcb_clnt; |
| - static struct rpcbind_args *map; |
| + struct rpcbind_args *map; |
| struct rpc_task *child; |
| struct sockaddr_storage addr; |
| struct sockaddr *sap = (struct sockaddr *)&addr; |
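Review bot: With `static` dropped, `map` in this declaration block becomes an automatic variable with no initializer, so it no longer starts out as NULL the way the static pointer did on first entry. The body of rpcb_getport_async continues outside this hunk, so it cannot be checked from here whether any early-exit or cleanup path reads or frees `map` before it is assigned; that is worth confirming, because an indeterminate pointer reaching a free would be a memory-safety bug of the same class the commit message describes. If such a path exists, `struct rpcbind_args *map = NULL;` makes it safe; otherwise a short comment such as `/* per-call state: must not be static, tasks may run concurrently */` would record why the pointer has to stay on the stack.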
| -- |
| 1.7.9.6 |
| |