• J. Bruce Fields's avatar
    svcrpc: fix BUG() in svc_tcp_clear_pages · be1e4444
    J. Bruce Fields authored
    Examination of svc_tcp_clear_pages shows that it assumes sk_tcplen is
    consistent with sk_pages[] (in particular, sk_pages[n] can't be NULL if
    sk_tcplen would lead us to expect n pages of data).
    
    svc_tcp_restore_pages zeroes out sk_pages[] while leaving sk_tcplen.
    This is OK, since both functions are serialized by XPT_BUSY.  However,
    that means the inconsistency must be repaired before dropping XPT_BUSY.
    
    Therefore we should be ensuring that svc_tcp_save_pages repairs the
    problem before exiting svc_tcp_recv_record on error.
    
    Symptoms were a BUG() in svc_tcp_clear_pages.
    
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
    be1e4444
svcsock.c 42.9 KB