Commit 24b74bf0 authored by Trond Myklebust

SUNRPC: Fix a bug in call_decode()



call_verify() can, under certain circumstances, free the RPC slot. In that
case, our cached pointer 'req = task->tk_rqstp' is invalid. Bug was
introduced in commit 220bcc2a (SUNRPC:
Don't call xprt_release in call refresh).

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
parent 0490a54a
+6 −3
@@ -1240,11 +1240,14 @@ call_decode(struct rpc_task *task)
			task->tk_status);
	return;
out_retry:
	req->rq_received = req->rq_private_buf.len = 0;
	task->tk_status = 0;
	/* Note: call_verify() may have freed the RPC slot */
	if (task->tk_rqstp == req) {
		req->rq_received = req->rq_private_buf.len = 0;
		if (task->tk_client->cl_discrtry)
			xprt_force_disconnect(task->tk_xprt);
	}
}

/*
 * 8.	Refresh the credentials if rejected by the server
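
Review bot: In the out_retry block, the `cl_discrtry` check and the `xprt_force_disconnect(task->tk_xprt)` call sit inside the `if (task->tk_rqstp == req)` guard although they use only `task->tk_client` and `task->tk_xprt`, not `req`. As written, a retry after call_verify() has freed the slot skips the forced disconnect; if that is intended, the comment above the guard should say so, otherwise only the `req->rq_received = req->rq_private_buf.len = 0;` write needs to be guarded. Since `req` may be stale at this point, it would also help to note in the comment that it is only compared here and must not be dereferenced before the check.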