aboutsummaryrefslogtreecommitdiffstats
path: root/net/sunrpc/clnt.c
diff options
context:
space:
mode:
authorTrond Myklebust <Trond.Myklebust@netapp.com>2008-04-19 13:15:47 -0400
committerTrond Myklebust <Trond.Myklebust@netapp.com>2008-04-19 16:52:33 -0400
commit24b74bf0c9e08cbda74d3c64af69ad402ed54e04 (patch)
treebd18884769eef620d12babbc86a008561321758e /net/sunrpc/clnt.c
parent0490a54a00c14212f22c5948c8c13a4553d745bd (diff)
SUNRPC: Fix a bug in call_decode()
call_verify() can, under certain circumstances, free the RPC slot. In that case, our cached pointer 'req = task->tk_rqstp' is invalid. Bug was introduced in commit 220bcc2afd7011b3e0569fc178331fa983c92c1b (SUNRPC: Don't call xprt_release in call refresh). Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'net/sunrpc/clnt.c')
-rw-r--r--net/sunrpc/clnt.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index ea14314331b0..522b06849f86 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -1240,10 +1240,13 @@ call_decode(struct rpc_task *task)
1240 task->tk_status); 1240 task->tk_status);
1241 return; 1241 return;
1242out_retry: 1242out_retry:
1243 req->rq_received = req->rq_private_buf.len = 0;
1244 task->tk_status = 0; 1243 task->tk_status = 0;
1245 if (task->tk_client->cl_discrtry) 1244 /* Note: call_verify() may have freed the RPC slot */
1246 xprt_force_disconnect(task->tk_xprt); 1245 if (task->tk_rqstp == req) {
1246 req->rq_received = req->rq_private_buf.len = 0;
1247 if (task->tk_client->cl_discrtry)
1248 xprt_force_disconnect(task->tk_xprt);
1249 }
1247} 1250}
1248 1251
1249/* 1252/*