summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2013-03-18 10:49:07 -0400
committerJ. Bruce Fields <bfields@redhat.com>2013-03-18 14:58:32 -0400
commita517b608fa3d9b65930ef53ffe4a2f9800e10f7d (patch)
tree568ca9715795381044455f55ca1c09fca20585fd
parenta937536b868b8369b98967929045f1df54234323 (diff)
downloadlwn-a517b608fa3d9b65930ef53ffe4a2f9800e10f7d.tar.gz
lwn-a517b608fa3d9b65930ef53ffe4a2f9800e10f7d.zip
nfsd: only unhash DRC entries that are in the hashtable
It's not safe to call hlist_del() on a newly initialized hlist_node. That leads to a NULL pointer dereference. Only do that if the entry is hashed. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
-rw-r--r--fs/nfsd/nfscache.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c
index 62c1ee128aeb..18509bd6f587 100644
--- a/fs/nfsd/nfscache.c
+++ b/fs/nfsd/nfscache.c
@@ -102,7 +102,8 @@ nfsd_reply_cache_free_locked(struct svc_cacherep *rp)
{
if (rp->c_type == RC_REPLBUFF)
kfree(rp->c_replvec.iov_base);
- hlist_del(&rp->c_hash);
+ if (!hlist_unhashed(&rp->c_hash))
+ hlist_del(&rp->c_hash);
list_del(&rp->c_lru);
--num_drc_entries;
kmem_cache_free(drc_slab, rp);