[pnfs] [PATCH] PNFS: filelayout_commit corrupts RPC all_tasks
Tom Tucker
tom at opengridcomputing.com
Wed Sep 5 14:52:06 EDT 2007
The filelayout_commit function incorrectly releases the nfs_write_data
pointed to by 'data'. Basically, the task contained in the nfs_write_data
structure has already been initialized (rpc_init_task) up in the generic NFS
commit logic. Calling nfs4_commit_free frees the memory, but doesn't remove
the task from the RPC all_tasks list. With debug turned on, the task list
is corrupted immediately by poison_obj; without debug, a freed task is
sitting on the all_tasks list and will eventually be corrupted when the
memory is reused.
Signed-off-by: Tom Tucker <tom at opengridcomputing.com>
---
fs/nfs/nfs4filelayout.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/fs/nfs/nfs4filelayout.c b/fs/nfs/nfs4filelayout.c
index 86ced63..1a32925 100644
--- a/fs/nfs/nfs4filelayout.c
+++ b/fs/nfs/nfs4filelayout.c
@@ -583,7 +583,7 @@ filelayout_commit(struct pnfs_layout_typ
}
/* Release original commit data since it is not used */
- nfs4_commit_free(data);
+ rpc_release_task(&data->task);
return 0;
out_bad:
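Review bot: At the replaced line in filelayout_commit, the memory behind 'data' is now freed only if releasing the task also frees the containing nfs_write_data, and neither the changelog nor the comment above the call says that it does. Please name in the changelog the release path that frees 'data' after rpc_release_task(&data->task), so it is clear the fix does not trade the all_tasks corruption for a leak. The comment "Release original commit data since it is not used" should also note that the task was already initialized by the generic commit logic and therefore has to be released through the RPC layer rather than freed directly. It is also worth confirming that the out_bad path following this hunk does not free an initialized task in the same way.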