From: Trond Myklebust <Trond.Myklebust@netapp.com>
Date: Sat, 19 Apr 2008 17:15:47 +0000 (-0400)
Subject: SUNRPC: Fix a bug in call_decode()
X-Git-Tag: upstream/snapshot3+hdmi~26247^2^2~33
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=24b74bf0c9e08cbda74d3c64af69ad402ed54e04;p=platform%2Fadaptation%2Frenesas_rcar%2Frenesas_kernel.git

SUNRPC: Fix a bug in call_decode()

call_verify() can, under certain circumstances, free the RPC slot. In that
case, our cached pointer 'req = task->tk_rqstp' is invalid. Bug was
introduced in commit 220bcc2afd7011b3e0569fc178331fa983c92c1b (SUNRPC:
Don't call xprt_release in call refresh).

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
---

diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
index ea14314..522b068 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
@@ -1240,10 +1240,13 @@ call_decode(struct rpc_task *task)
 			task->tk_status);
 	return;
 out_retry:
-	req->rq_received = req->rq_private_buf.len = 0;
 	task->tk_status = 0;
-	if (task->tk_client->cl_discrtry)
-		xprt_force_disconnect(task->tk_xprt);
+	/* Note: call_verify() may have freed the RPC slot */
+	if (task->tk_rqstp == req) {
+		req->rq_received = req->rq_private_buf.len = 0;
+		if (task->tk_client->cl_discrtry)
+			xprt_force_disconnect(task->tk_xprt);
+	}
 }
 
 /*