git.itanic.dy.fi Git - linux-stable/commit

author	NeilBrown <neilb@suse.de>
	Mon, 8 May 2023 23:42:47 +0000 (09:42 +1000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 24 May 2023 16:36:51 +0000 (17:36 +0100)
commit	1c28b206ae494e867778afb1dc8ee62163cc064d
tree	0dd3217f75281ec7695d9672ba0f410644c6326d	tree \| snapshot
parent	54832355b0b10250e5c868645ea1fccb2acc0825	commit \| diff

SUNRPC: always free ctxt when freeing deferred request

[ Upstream commit 948f072ada23e0a504c5e4d7d71d4c83bd0785ec ]

Since the ->xprt_ctxt pointer was added to svc_deferred_req, it has not
been sufficient to use kfree() to free a deferred request.  We may need
to free the ctxt as well.

As freeing the ctxt is all that ->xpo_release_rqst() does, we repurpose
it to explicit do that even when the ctxt is not stored in an rqst.
So we now have ->xpo_release_ctxt() which is given an xprt and a ctxt,
which may have been taken either from an rqst or from a dreq.  The
caller is now responsible for clearing that pointer after the call to
->xpo_release_ctxt.

We also clear dr->xprt_ctxt when the ctxt is moved into a new rqst when
revisiting a deferred request.  This ensures there is only one pointer
to the ctxt, so the risk of double freeing in future is reduced.  The
new code in svc_xprt_release which releases both the ctxt and any
rq_deferred depends on this.

Fixes: 773f91b2cf3f ("SUNRPC: Fix NFSD's request deferral on RDMA transports")
Signed-off-by: NeilBrown <neilb@suse.de>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

include/linux/sunrpc/svc_rdma.h		diff \| blob \| history
include/linux/sunrpc/svc_xprt.h		diff \| blob \| history
net/sunrpc/svc_xprt.c		diff \| blob \| history
net/sunrpc/svcsock.c		diff \| blob \| history
net/sunrpc/xprtrdma/svc_rdma_recvfrom.c		diff \| blob \| history
net/sunrpc/xprtrdma/svc_rdma_transport.c		diff \| blob \| history