author: Petr Vandrovec <petr@vandrovec.name> 2009-11-14 10:47:07 +0100
committer: Linus Torvalds <torvalds@linux-foundation.org> 2009-11-14 12:55:55 -0800
commit: 479c2553af9a176a0613894b9f1ec73425fd56a3
tree: 3d306d6ee61bfbd6117f2a6e8ec54bffe472c9a2
parent: 156171c71a0dc4bce12b4408bb1591f8fe32dc1a
Fix memory corruption caused by nfsd readdir+

Commit 8177e6d6dfb9cd03d9bdeb647c32161f8f58f686 ("nfsd: clean up readdirplus encoding") introduced a single-character typo in the nfs3 readdir+ implementation. Unfortunately that typo has quite bad side effects: random memory corruption, followed (on my box) with an immediate spontaneous box reboot.

Using 'p1' instead of 'p' fixes my Linux box rebooting whenever a VMware ESXi box tries to list the contents of my home directory.

Signed-off-by: Petr Vandrovec <petr@vandrovec.name>
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Neil Brown <neilb@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

-rw-r--r-- fs/nfsd/nfs3xdr.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c
index edf926e1062..d0a2ce1b432 100644
--- a/fs/nfsd/nfs3xdr.c
+++ b/fs/nfsd/nfs3xdr.c
@@ -958,7 +958,7 @@ encode_entry(struct readdir_cd *ccd, const char *name, int namlen,
p1 = encode_entry_baggage(cd, p1, name, namlen, ino);
if (plus)
- p = encode_entryplus_baggage(cd, p1, name, namlen);
+ p1 = encode_entryplus_baggage(cd, p1, name, namlen);
/* determine entry word length and lengths to go in pages */
num_entry_words = p1 - tmp;
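
Review bot: in the `if (plus)` branch, `p` and `p1` differ by one character and are both live pointers in encode_entry(), which is exactly how the wrong one was assigned here without the compiler objecting. The context line `num_entry_words = p1 - tmp;` shows that the entry length is derived from `p1`, so whichever pointer receives the result of encode_entryplus_baggage() decides whether the readdirplus data is counted in that length. Consider adding a short comment above the `num_entry_words` computation stating that `p1` must have been advanced past both encode_entry_baggage() and encode_entryplus_baggage(), or giving the scratch pointer a more distinct name, so a later cleanup does not reintroduce the mix-up. The commit message would also be more useful to anyone auditing this code if it said which length or write ends up wrong with `p`, rather than only describing the reboot symptom.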