[bug report] [AF_RXRPC]: Make the in-kernel AFS filesystem use AF_RXRPC.
Dan Carpenter
dan.carpenter at oracle.com
Wed Nov 30 13:12:04 PST 2016
Hello David Howells,
The patch 08e0e7c82eea: "[AF_RXRPC]: Make the in-kernel AFS
filesystem use AF_RXRPC." from Apr 26, 2007, leads to the following
static checker warning:
fs/afs/cmservice.c:155 SRXAFSCB_CallBack()
error: dereferencing freed memory 'call'
fs/afs/cmservice.c
139 /*
140 * allow the fileserver to see if the cache manager is still alive
141 */
142 static void SRXAFSCB_CallBack(struct work_struct *work)
143 {
144 struct afs_call *call = container_of(work, struct afs_call, work);
145
146 _enter("");
147
148 /* be sure to send the reply *before* attempting to spam the AFS server
149 * with FSFetchStatus requests on the vnodes with broken callbacks lest
150 * the AFS server get into a vicious cycle of trying to break further
151 * callbacks because it hadn't received completion of the CBCallBack op
152 * yet */
153 afs_send_empty_reply(call);
If afs_send_empty_reply() has an error besides -ENOMEM then it frees
call.
154
155 afs_break_callbacks(call->server, call->count, call->request);
^^^^^^^^^^^^
NULL dereference. I feel like the fix is to not free call but really I
have no idea.
156 _leave("");
157 }
regards,
dan carpenter
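Constructed illustration of the ownership hazard the report describes (a callee that frees its argument on some error paths, and a caller that keeps using it), added here as an example; it is not part of Dan's message or the kernel source, and afs_call, send_empty_reply, callback_buggy and callback_fixed are stand-in names for the model.

```c
/* Model of the hazard: the reply routine frees 'call' on every error
 * except -ENOMEM, so the caller must not touch 'call' afterwards.
 * The free is simulated with a flag so the model can be checked safely. */
#include <stdbool.h>
#include <errno.h>

struct afs_call {
    int server;
    int count;
    bool freed;        /* model: records that the callee "freed" us */
};

/* Stand-in for the reply routine. 'fail_with' selects the simulated
 * outcome: 0 = success, otherwise a negative errno value. */
static int send_empty_reply(struct afs_call *call, int fail_with)
{
    if (fail_with == 0 || fail_with == -ENOMEM)
        return fail_with;          /* caller still owns 'call' */
    call->freed = true;            /* stands in for kfree(call) */
    return fail_with;
}

/* Buggy shape from the report: the return value is ignored and 'call'
 * is dereferenced unconditionally. Returns true if it touched memory the
 * callee had already freed (a use-after-free in the real code). */
bool callback_buggy(struct afs_call *call, int fail_with)
{
    send_empty_reply(call, fail_with);
    return call->freed;            /* reads call->server etc. after free */
}

/* Defensive shape: honour the callee's ownership contract. Any failure
 * other than -ENOMEM means 'call' is gone, so bail out before using it.
 * Returns 1 when it went on to the "break callbacks" work, 0 when it
 * stopped because the call had been released. */
int callback_fixed(struct afs_call *call, int fail_with)
{
    int ret = send_empty_reply(call, fail_with);
    if (ret < 0 && ret != -ENOMEM)
        return 0;                  /* 'call' freed: do not dereference */
    /* break-callbacks work would use call->server / call->count here */
    return call->server >= 0 ? 1 : 0;
}
```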