From: Andreas Gruenbacher
Subject: nfs NULL nameidata check?

nfs_lookup() checks for NULL nameidata in one place, but not in another. In nfs_sillyrename() it calls lookup_one_len() -> __lookup_hash(), which passes in a NULL nameidata to nfs_lookup(). Unless I'm overlooking something, fs/nfs/dir.c:923 will dereference this NULL pointer if the sillyrenamed file exists?

Signed-off-by: Andreas Gruenbacher
---
 fs/nfs/dir.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -896,15 +896,15 @@ int nfs_is_exclusive_create(struct inode
 return (nd->intent.open.flags & O_EXCL) != 0;
 }
 
-static inline int nfs_reval_fsid(struct vfsmount *mnt, struct inode *dir,
+static inline int nfs_reval_fsid(struct nameidata *nd, struct inode *dir,
 struct nfs_fh *fh, struct nfs_fattr *fattr)
 {
 struct nfs_server *server = NFS_SERVER(dir);
 
- if (!nfs_fsid_equal(&server->fsid, &fattr->fsid))
- /* Revalidate fsid on root dir */
- return __nfs_revalidate_inode(server, mnt->mnt_root->d_inode);
- return 0;
+ if (nd == NULL || nfs_fsid_equal(&server->fsid, &fattr->fsid))
+ return 0;
+ /* Revalidate fsid on root dir */
+ return __nfs_revalidate_inode(server, nd->mnt->mnt_root->d_inode);
 }
 
 static struct dentry *nfs_lookup(struct inode *dir, struct dentry * dentry, struct nameidata2 *nd)
@@ -945,7 +945,7 @@ static struct dentry *nfs_lookup(struct
 res = ERR_PTR(error);
 goto out_unlock;
 }
- error = nfs_reval_fsid(nd->mnt, dir, &fhandle, &fattr);
+ error = nfs_reval_fsid(nd, dir, &fhandle, &fattr);
 if (error < 0) {
 res = ERR_PTR(error);
 goto out_unlock;
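Review bot: The new `nd == NULL` early return in nfs_reval_fsid silently skips the fsid revalidation, but nothing in the function says when nd can be NULL or why skipping is acceptable, so a later reader may take it for a defensive no-op and "fix" it back. I would put the reasoning from the commit message next to the check: `/* No nameidata (lookup_one_len() from nfs_sillyrename()): there is no mount to revalidate the root against, so skip the fsid check */`. The context line for nfs_lookup reads `struct nameidata2 *nd` while the new parameter is `struct nameidata *nd`; if that is not an artifact of this page, the call in the second hunk passes an incompatible pointer type and needs the signature aligned. The `fh` parameter of nfs_reval_fsid remains unused after the rewrite, which is a pre-existing wart worth dropping while the signature is being touched. nfs_lookup's body continues outside both hunks.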