[3.8.y.z extended stable] Patch "nfs4: fix discover_server_trunking use after free" has been added to staging queue

[Kamal Mostafa]

This is a note to let you know that I have just added a patch titled

    nfs4: fix discover_server_trunking use after free

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.18.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From 8bb2fa461c50d28b0f555694498b0ce1efe94833 Mon Sep 17 00:00:00 2001
From: Weston Andros Adamson <dros at primarydata.com>
Date: Sun, 19 Jan 2014 22:45:36 -0500
Subject: nfs4: fix discover_server_trunking use after free

commit abad2fa5ba67725a3f9c376c8cfe76fbe94a3041 upstream.

If clp is new (cl_count = 1) and it matches another client in
nfs4_discover_server_trunking, the nfs_put_client will free clp before
->cl_preserve_clid is set.

Signed-off-by: Weston Andros Adamson <dros at primarydata.com>
Signed-off-by: Trond Myklebust <trond.myklebust at primarydata.com>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 fs/nfs/nfs4client.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c
index c53189d..08ff307 100644
--- a/fs/nfs/nfs4client.c
+++ b/fs/nfs/nfs4client.c
@@ -236,13 +236,11 @@ struct nfs_client *nfs4_init_client(struct nfs_client *clp,
 	error = nfs4_discover_server_trunking(clp, &old);
 	if (error < 0)
 		goto error;
-	nfs_put_client(clp);
-	if (clp != old) {
-		clp->cl_preserve_clid = true;
-		clp = old;
-	}

-	return clp;
+	if (clp != old)
+		clp->cl_preserve_clid = true;
+	nfs_put_client(clp);
+	return old;

 error:
 	nfs_mark_client_ready(clp, error);
--
1.8.3.2