diff options
author | Boaz Harrosh <bharrosh@panasas.com> | 2010-06-29 14:33:55 +0300 |
---|---|---|
committer | J. Bruce Fields <bfields@redhat.com> | 2010-08-06 17:05:39 -0400 |
commit | c18c821fd40ad0ffc199a55be874e556bf999416 (patch) | |
tree | ba1830c90160a4f85a32552425a556b70e56bae1 /fs/nfsd/nfs4callback.c | |
parent | 774f8bbd9ef2e71d4ef4b89933d292091d31ca98 (diff) | |
download | linux-3.10-c18c821fd40ad0ffc199a55be874e556bf999416.tar.gz linux-3.10-c18c821fd40ad0ffc199a55be874e556bf999416.tar.bz2 linux-3.10-c18c821fd40ad0ffc199a55be874e556bf999416.zip |
nfsd41: Fix a crash when a callback is retried
If a callback is retried at nfsd4_cb_recall_done() due to
some error, the returned rpc reply crashes here:
@@ -514,6 +514,7 @@ decode_cb_sequence(struct xdr_stream *xdr, struct nfsd4_cb_sequence *res,
u32 dummy;
__be32 *p;
+ BUG_ON(!res);
if (res->cbs_minorversion == 0)
return 0;
[BUG_ON added for demonstration]
This is because the nfsd4_cb_done_sequence() has NULLed out
the task->tk_msg.rpc_resp pointer.
Also eventually the rpc would use the new slot without making
sure it is free by calling nfsd41_cb_setup_sequence().
This problem was introduced by a 4.1 protocol addition patch:
[0421b5c5] nfsd41: Backchannel: Implement cb_recall over NFSv4.1
Which was overlooking the possibility of an RPC callback retries.
For not-4.1 case redoing the _prepare is harmless.
Signed-off-by: Boaz Harrosh <bharrosh@panasas.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/nfsd/nfs4callback.c')
-rw-r--r-- | fs/nfsd/nfs4callback.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c index 1e6497ed3e1..988cbb3a19b 100644 --- a/fs/nfsd/nfs4callback.c +++ b/fs/nfsd/nfs4callback.c @@ -697,7 +697,7 @@ static void nfsd4_cb_recall_done(struct rpc_task *task, void *calldata) if (dp->dl_retries--) { rpc_delay(task, 2*HZ); task->tk_status = 0; - rpc_restart_call(task); + rpc_restart_call_prepare(task); return; } else { atomic_set(&clp->cl_cb_set, 0); |