Bug 19270

Summary: NFS file_lock has uninitialized list_head structures.
Product: [Retired] Red Hat Linux
Reporter: Thor Nolen <nolen>
Component: kernel
Assignee: Arjan van de Ven <arjanv>
Status: CLOSED CURRENTRELEASE
QA Contact: Brian Brock <bbrock>
Severity: medium
Priority: medium
Version: 6.2
Target Milestone: ---
Target Release: ---
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2004-09-30 15:38:50 UTC

Description Thor Nolen 2000-10-17 16:30:39 UTC
The NFS lock routines (nlmsvc_lock, nlmsvc_testlock, and maybe others)
are being called with file_lock structures that contain uninitialized
list_head structs. (This is as of 2.4.0-test7.)

The "next" links should be circular chains, but are instead NULL.
This causes problems later when they are used.  I don't know where they
should be initialized, but an INIT_LIST_HEAD() should be done when these
file_lock structs are created.  For example, fl_wait.task_list not
being set shows itself when an NFS SETLK is followed by a GETLK.
The result is a dereference of the NULL pointer in locks_free_lock
when it tries the list_empty().

I opened another defect (#24) on a similar problem where
nlmsvc_lock calls nlmsvc_create_block to create a nlm_block struct
and then failed to init these circular chains.  The result was that
SETLKW operations resulted in the NULL pointer being used if the
request blocked.  This, however, now appears to be a much more
prevalent problem that is happening more than reported in defect #24.

Comment 1 Thor Nolen 2000-10-17 17:47:10 UTC
Within this report, 'defect #24' = Bugzilla entry #19267.
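The invariant the report describes (an empty list_head must point at itself, never hold NULL) is easy to model outside the kernel. The following is an added example, not code from this bug or from the Linux 2.4 sources: it reimplements a minimal list_head API in user space, builds a constructed stand-in for file_lock with the fl_link and fl_block members named in the kernel, and adds a hypothetical file_lock_lists_ok() check plus a guarded safe_free_lock() that refuses to unlink a lock whose lists were never initialized instead of dereferencing NULL the way the reporter saw locks_free_lock do.

```c
/* Added example, not from the bug report or the kernel. The list API
 * mirrors the kernel's semantics; file_lock here is a constructed stand-in
 * with only the members needed to show the initialization problem. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct list_head {
    struct list_head *next, *prev;
};

/* Same invariant as the kernel macro: an empty list points at itself. */
static void INIT_LIST_HEAD(struct list_head *head)
{
    head->next = head;
    head->prev = head;
}

static int list_empty(const struct list_head *head)
{
    return head->next == head;
}

static void list_add(struct list_head *entry, struct list_head *head)
{
    struct list_head *next = head->next;
    next->prev = entry;
    entry->next = next;
    entry->prev = head;
    head->next = entry;
}

static void list_del(struct list_head *entry)
{
    entry->next->prev = entry->prev;   /* NULL deref if never initialized */
    entry->prev->next = entry->next;
    entry->next = entry->prev = NULL;
}

/* Constructed stand-in for the lock structure the report talks about. */
struct file_lock {
    struct list_head fl_link;   /* membership in a global lock list */
    struct list_head fl_block;  /* lockers waiting on this lock */
    int fl_type;
};

/* A list_head is sane when its links are a self-loop (empty) or a consistent
 * doubly linked chain; NULL links mean INIT_LIST_HEAD() was never run and
 * any list_add()/list_del() on it will dereference NULL. */
static int list_head_is_initialized(const struct list_head *head)
{
    if (head->next == NULL || head->prev == NULL)
        return 0;
    return head->next->prev == head && head->prev->next == head;
}

/* Hypothetical check that a lock's embedded lists were set up (assumption). */
static int file_lock_lists_ok(const struct file_lock *fl)
{
    return list_head_is_initialized(&fl->fl_link) &&
           list_head_is_initialized(&fl->fl_block);
}

/* A caller that forgets INIT_LIST_HEAD(): zero-filled, so every link is NULL. */
static int zeroed_lock_passes_check(void)
{
    struct file_lock fl;
    memset(&fl, 0, sizeof fl);
    return file_lock_lists_ok(&fl);      /* 0: uninitialized, as in the report */
}

/* Same structure with the initialization the report asks for. */
static int initialized_lock_passes_check(void)
{
    struct file_lock fl;
    memset(&fl, 0, sizeof fl);
    INIT_LIST_HEAD(&fl.fl_link);
    INIT_LIST_HEAD(&fl.fl_block);
    return file_lock_lists_ok(&fl);      /* 1 */
}

/* Guarded teardown: report a caller bug instead of crashing in list_del(). */
static int safe_free_lock(struct file_lock *fl)
{
    if (!file_lock_lists_ok(fl))
        return -1;                       /* lists never initialized */
    if (!list_empty(&fl->fl_block))
        return -2;                       /* waiters still queued */
    if (!list_empty(&fl->fl_link))
        list_del(&fl->fl_link);
    return 0;
}

static int zeroed_lock_free_result(void)
{
    struct file_lock fl;
    memset(&fl, 0, sizeof fl);
    return safe_free_lock(&fl);          /* -1, rejected rather than crashing */
}

/* Full round trip: init, link onto a global list, free. Returns 0 on success. */
static int lifecycle_demo(void)
{
    struct list_head file_lock_list;
    struct file_lock fl;
    INIT_LIST_HEAD(&file_lock_list);
    memset(&fl, 0, sizeof fl);
    INIT_LIST_HEAD(&fl.fl_link);
    INIT_LIST_HEAD(&fl.fl_block);
    list_add(&fl.fl_link, &file_lock_list);
    if (list_empty(&file_lock_list))
        return -10;
    if (safe_free_lock(&fl) != 0)
        return -11;
    return list_empty(&file_lock_list) ? 0 : -12;
}

int main(void)
{
    printf("zeroed lock passes check:      %d\n", zeroed_lock_passes_check());
    printf("initialized lock passes check: %d\n", initialized_lock_passes_check());
    printf("safe_free_lock on zeroed lock: %d\n", zeroed_lock_free_result());
    printf("lifecycle demo:                %d\n", lifecycle_demo());
    return 0;
}
```

The check in list_head_is_initialized() is the cheap version of what the kernel's list debugging does at list_add()/list_del() time; running a lock structure through it before any list operation turns the NULL dereference the report describes into a diagnosable return code.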

Comment 2 Bugzilla owner 2004-09-30 15:38:50 UTC
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
persists.

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/