• J. Bruce Fields's avatar
    svcrpc: fix list-corrupting race on nfsd shutdown · ebc63e53
    J. Bruce Fields authored
    After commit 3262c816 "[PATCH] knfsd:
    split svc_serv into pools", svc_delete_xprt (then svc_delete_socket) no
    longer removed its xpt_ready (then sk_ready) field from whatever list it
    was on, noting that there was no point since the whole list was about to
    be destroyed anyway.
    
    That was mostly true, but forgot that a few svc_xprt_enqueue()'s might
    still be hanging around playing with the about-to-be-destroyed list, and
    could get themselves into trouble writing to freed memory if we left
    this xprt on the list after freeing it.
    
    (This is actually functionally identical to a patch made first by Ben
    Greear, but with more comments.)
    
    Cc: stable@kernel.org
    Cc: gnb@fmeh.org
    Reported-by: default avatarBen Greear <greearb@candelatech.com>
    Tested-by: default avatarBen Greear <greearb@candelatech.com>
    Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
    ebc63e53
svc_xprt.c 33.4 KB