diff options
author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2008-04-19 13:15:47 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2008-04-19 16:52:33 -0400 |
commit | 24b74bf0c9e08cbda74d3c64af69ad402ed54e04 (patch) | |
tree | bd18884769eef620d12babbc86a008561321758e /net/sunrpc/clnt.c | |
parent | 0490a54a00c14212f22c5948c8c13a4553d745bd (diff) |
SUNRPC: Fix a bug in call_decode()
call_verify() can, under certain circumstances, free the RPC slot. In that
case, our cached pointer 'req = task->tk_rqstp' is invalid. Bug was
introduced in commit 220bcc2afd7011b3e0569fc178331fa983c92c1b (SUNRPC:
Don't call xprt_release in call refresh).
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/clnt.c')
-rw-r--r-- | net/sunrpc/clnt.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c index ea14314331b0..522b06849f86 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c | |||
@@ -1240,10 +1240,13 @@ call_decode(struct rpc_task *task) | |||
1240 | task->tk_status); | 1240 | task->tk_status); |
1241 | return; | 1241 | return; |
1242 | out_retry: | 1242 | out_retry: |
1243 | req->rq_received = req->rq_private_buf.len = 0; | ||
1244 | task->tk_status = 0; | 1243 | task->tk_status = 0; |
1245 | if (task->tk_client->cl_discrtry) | 1244 | /* Note: call_verify() may have freed the RPC slot */ |
1246 | xprt_force_disconnect(task->tk_xprt); | 1245 | if (task->tk_rqstp == req) { |
1246 | req->rq_received = req->rq_private_buf.len = 0; | ||
1247 | if (task->tk_client->cl_discrtry) | ||
1248 | xprt_force_disconnect(task->tk_xprt); | ||
1249 | } | ||
1247 | } | 1250 | } |
1248 | 1251 | ||
1249 | /* | 1252 | /* |