Skip to content
Commit 10233290 authored by J. Bruce Fields's avatar J. Bruce Fields Committed by Herton Ronaldo Krzesinski
Browse files

svcrpc: fix list-corrupting race on nfsd shutdown

BugLink: http://bugs.launchpad.net/bugs/823296

commit ebc63e531cc6a457595dd110b07ac530eae788c3 upstream.

After commit 3262c816

 "[PATCH] knfsd:
split svc_serv into pools", svc_delete_xprt (then svc_delete_socket) no
longer removed its xpt_ready (then sk_ready) field from whatever list it
was on, noting that there was no point since the whole list was about to
be destroyed anyway.

That was mostly true, but forgot that a few svc_xprt_enqueue()'s might
still be hanging around playing with the about-to-be-destroyed list, and
could get themselves into trouble writing to freed memory if we left
this xprt on the list after freeing it.

(This is actually functionally identical to a patch made first by Ben
Greear, but with more comments.)

Cc: gnb@fmeh.org
Reported-by: default avatarBen Greear <greearb@candelatech.com>
Tested-by: default avatarBen Greear <greearb@candelatech.com>
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
Signed-off-by: default avatarTim Gardner <tim.gardner@canonical.com>
parent fd6a367c
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment