From e138ead73f872559778bb0c326e795206f96d3ce Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Tue, 13 Mar 2012 20:18:48 +0300 Subject: [PATCH] NFS: null dereference in dev_remove() In commit 5ffaf85541 "NFS: replace global bl_wq with per-net one" we made "msg" a pointer instead of a struct stored in stack memory. But we forgot to change the memset() here so we're still clearing stack memory instead of clearing the struct like we intended. It will lead to a kernel crash. Signed-off-by: Dan Carpenter Signed-off-by: Trond Myklebust --- fs/nfs/blocklayout/blocklayoutdm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/nfs/blocklayout/blocklayoutdm.c b/fs/nfs/blocklayout/blocklayoutdm.c index 30fc22af7bbb..737d839bc17b 100644 --- a/fs/nfs/blocklayout/blocklayoutdm.c +++ b/fs/nfs/blocklayout/blocklayoutdm.c @@ -54,7 +54,7 @@ static void dev_remove(struct net *net, dev_t dev) dprintk("Entering %s\n", __func__); bl_pipe_msg.bl_wq = &nn->bl_wq; - memset(&msg, 0, sizeof(*msg)); + memset(msg, 0, sizeof(*msg)); msg->data = kzalloc(1 + sizeof(bl_umount_request), GFP_NOFS); if (!msg->data) goto out; -- 2.34.1
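Review bot: the corrected memset(msg, 0, sizeof(*msg)) in dev_remove() is only safe if msg already points at a valid message object when this line runs, and the assignment of msg is not visible in the hunk's context, so please confirm it happens above the memset and not after it. It would also help to have the commit message spell out the mechanism: the removed memset(&msg, 0, sizeof(*msg)) started writing at the address of the pointer variable, which zeroed msg itself (so msg->data on the next line dereferences NULL) and, with a length of sizeof(*msg) rather than sizeof(msg), kept writing into neighbouring stack slots whenever the struct is larger than a pointer. Describing it as a stack overwrite as well as a NULL dereference gives anyone triaging or backporting the fix a more accurate picture of the impact. Since the message already names commit 5ffaf85541 as the source of the regression, noting which releases carry that commit would tell maintainers whether a stable backport is needed.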