    SUNRPC: always free ctxt when freeing deferred request · 948f072a
    NeilBrown authored
    Since the ->xprt_ctxt pointer was added to svc_deferred_req, it has not
    been sufficient to use kfree() to free a deferred request.  We may need
    to free the ctxt as well.
    
    As freeing the ctxt is all that ->xpo_release_rqst() does, we repurpose
    it to explicitly do that even when the ctxt is not stored in an rqst.
    So we now have ->xpo_release_ctxt() which is given an xprt and a ctxt,
    which may have been taken either from an rqst or from a dreq.  The
    caller is now responsible for clearing that pointer after the call to
    ->xpo_release_ctxt.
    
    We also clear dr->xprt_ctxt when the ctxt is moved into a new rqst when
    revisiting a deferred request.  This ensures there is only one pointer
    to the ctxt, so the risk of double freeing in future is reduced.  The
    new code in svc_xprt_release which releases both the ctxt and any
    rq_deferred depends on this.
    
    Fixes: 773f91b2 ("SUNRPC: Fix NFSD's request deferral on RDMA transports")
    Signed-off-by: NeilBrown <neilb@suse.de>
    Reviewed-by: Jeff Layton <jlayton@kernel.org>
    Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
svc_xprt.c 39.2 KB
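
The ownership rule the commit message describes, as an added example in user-space C; it is not code from the kernel or from this commit. The struct layouts and the names `demo_release_ctxt`, `dreq_free`, `revisit`, `rqst_release` and `demo` are hypothetical stand-ins for the real svc structures and `->xpo_release_ctxt()`.

```c
#include <stdlib.h>
/* Simplified stand-ins for illustration; not the kernel's structures. */
struct xprt;
struct xprt_ops { void (*release_ctxt)(struct xprt *, void *ctxt); };
struct xprt { const struct xprt_ops *ops; int ctxt_frees; };
struct dreq { struct xprt *xprt; void *xprt_ctxt; };
struct rqst { struct xprt *xprt; void *xprt_ctxt; struct dreq *deferred; };

/* Frees the ctxt only; the caller must clear its own pointer afterwards. */
static void demo_release_ctxt(struct xprt *x, void *ctxt)
{
    if (ctxt) { free(ctxt); x->ctxt_frees++; }
}
static const struct xprt_ops demo_ops = { demo_release_ctxt };
/* A bare free(dr) would leak a ctxt still owned by the deferred request. */
static void dreq_free(struct dreq *dr)
{
    if (!dr) return;
    dr->xprt->ops->release_ctxt(dr->xprt, dr->xprt_ctxt);
    free(dr);
}
/* Revisit: ownership moves to the rqst, so the dreq's pointer is cleared. */
static void revisit(struct rqst *rq, struct dreq *dr)
{
    rq->xprt_ctxt = dr->xprt_ctxt;
    dr->xprt_ctxt = NULL;   /* without this, rqst_release() frees it twice */
    rq->deferred = dr;
}
/* Releases the rqst's ctxt and any attached deferred request. */
static void rqst_release(struct rqst *rq)
{
    rq->xprt->ops->release_ctxt(rq->xprt, rq->xprt_ctxt);
    rq->xprt_ctxt = NULL;
    dreq_free(rq->deferred);
    rq->deferred = NULL;
}
/* Returns how many times the ctxt was freed on the chosen path. */
static int demo(int revisited)
{
    struct xprt x = { &demo_ops, 0 };
    struct rqst rq = { &x, NULL, NULL };
    struct dreq *dr = calloc(1, sizeof(*dr));
    if (!dr) return -1;
    dr->xprt = &x;
    dr->xprt_ctxt = malloc(16);   /* constructed sample ctxt */
    if (revisited) { revisit(&rq, dr); rqst_release(&rq); }
    else dreq_free(dr);
    return x.ctxt_frees;
}
int main(void) { return (demo(1) == 1 && demo(0) == 1) ? 0 : 1; }
```

Building with `-fsanitize=address` and deleting the pointer clear in `revisit` makes the second release of the same ctxt show up as a double free.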