Non init'ed "nd" in svc_export_parse() ?
Neil Brown
neilb at suse.de
Fri Jul 13 00:32:13 EDT 2007
On Thursday July 5, bfields at fieldses.org wrote:
> On Thu, Jul 05, 2007 at 04:07:41PM +0200, Zoltan Menyhart wrote:
> > There is a "struct nameidata nd" allocated on the call frame of
> > svc_export_parse().
> > Only "nd.dentry" is initialized to NULL before calling
> > path_lookup(buf, 0, &nd).
> > I had a look at the other places where path_lookup() is called.
> > Apparently svc_export_parse() does not initialize some fields
> > which are init'ed elsewhere, before calling path_lookup(), e.g.
> > "nd.intent.*".
> > Should these fields not be init'ed to some reasonable value?
>
> It's probably only nfs that cares about that being set here, and nfsd
> doesn't export nfs.
>
> But, hm, we don't check for that case here. And the lookup could still
> traverse an nfs filesystem even if it doesn't end up on one. So maybe
> you could produce some kind of crash by attempting to export a path that
> crosses an NFSv4 filesystem. Sounds like it'd be worth looking at more
> carefully.
I don't think there is any real problem here.
The 'intent' stuff is only used if LOOKUP_OPEN or LOOKUP_CREATE are
set, and we don't set either of those flags.
The only reason we even initialise nd.dentry is so that if we "goto
out", we can reliably tell if we need to call "path_release".
NeilBrown
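As an added illustration (not code from this thread or from the kernel), the following constructed C model captures the two points made above: the intent fields are only consulted when LOOKUP_OPEN or LOOKUP_CREATE is passed, and presetting nd.dentry to NULL is what lets a single "out:" label decide whether path_release() is owed. All names prefixed model_ and the counters are assumptions of this model.

```c
#include <stddef.h>

/* Constructed stand-ins for the kernel flags and structs under discussion. */
#define LOOKUP_OPEN   0x0100
#define LOOKUP_CREATE 0x0200

struct dentry { const char *name; };
struct nameidata {
    struct dentry *dentry;              /* the only field svc_export_parse() presets */
    int flags;
    struct { int open_flags; } intent;  /* deliberately left uninitialised by the caller */
};

static int releases;      /* how many times model_path_release() ran */
static int intent_reads;  /* how many times the intent fields were consulted */
static struct dentry root = { "/" };

/* Stand-in for path_lookup(): fails on an empty path and then leaves nd->dentry
 * untouched; only LOOKUP_OPEN/LOOKUP_CREATE would make it look at nd->intent. */
static int model_path_lookup(const char *path, int flags, struct nameidata *nd)
{
    nd->flags = flags;
    if (flags & (LOOKUP_OPEN | LOOKUP_CREATE))
        intent_reads++;                 /* the only path that reads intent.* */
    if (path == NULL || path[0] == '\0')
        return -2;                      /* -ENOENT, dentry not populated */
    nd->dentry = &root;
    return 0;
}

static void model_path_release(struct nameidata *nd)
{
    releases++;
    nd->dentry = NULL;
}

/* Shape of the error handling in svc_export_parse(): every failure jumps to
 * out:, which releases the path only if the lookup actually populated dentry. */
int model_export_parse(const char *path, int fail_after_lookup)
{
    struct nameidata nd;
    int err;

    nd.dentry = NULL;                          /* sentinel for the out: label */
    err = model_path_lookup(path, 0, &nd);     /* flags == 0: intent never read */
    if (err)
        goto out;
    if (fail_after_lookup) {                   /* e.g. a later parse error */
        err = -22;                             /* -EINVAL */
        goto out;
    }
out:
    if (nd.dentry)
        model_path_release(&nd);
    return err;
}
```

The third case (failure after a successful lookup) is the one the sentinel is there for: the path is released exactly once, and a lookup that fails releases nothing.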