diff options
author | Shehjar Tikoo <shehjart@gluster.com> | 2010-04-12 21:57:35 +0000 |
---|---|---|
committer | Anand V. Avati <avati@dev.gluster.com> | 2010-04-13 10:01:49 -0700 |
commit | 4b754a77545fb7db030471fd4d84b8eee6008d7c (patch) | |
tree | 1e59d8e3ecda694f5947fa6049be43fb9364c9bf | |
parent | 3d125eaed2fbf71c8c6dcddd45a9fa61ef4a4448 (diff) |
nfs3: Use nfs3state in call_state to avoid getting from rpc request
This change avoids having the nfs translator depend on the sanity
of the rpcsvc_request_t type after NFS reply has been sent. This
was a problem because the request structure is guaranteed to be
invalid after the reply for the request has been submitted by the
RPC program. NFS3 handler was ignoring this behaviour and accessing
the private in request after reply submission resulting in access to
corrupted data.
Signed-off-by: Shehjar Tikoo <shehjart@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 757 ([NFS-Alpha] Crash in nfs3_call_state_wipe)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=757
-rw-r--r-- | xlators/nfs/server/src/nfs3.c | 3 | ||||
-rw-r--r-- | xlators/nfs/server/src/nfs3.h | 1 |
2 files changed, 3 insertions, 1 deletions
diff --git a/xlators/nfs/server/src/nfs3.c b/xlators/nfs/server/src/nfs3.c index 712bbcaf3..57d9f576e 100644 --- a/xlators/nfs/server/src/nfs3.c +++ b/xlators/nfs/server/src/nfs3.c @@ -181,6 +181,7 @@ nfs3_call_state_init (struct nfs3_state *s, rpcsvc_request_t *req, xlator_t *v) cs->req = req; cs->vol = v; cs->nfsx = s->nfsx; + cs->nfs3state = s; return cs; } @@ -192,7 +193,7 @@ nfs3_call_state_wipe (nfs3_call_state_t *cs) if (!cs) return; - nfs3 = rpcsvc_request_program_private (cs->req); + nfs3 = cs->nfs3state; if (cs->fd) { gf_log (GF_NFS3, GF_LOG_TRACE, "fd ref: %d", cs->fd->refcount); fd_unref (cs->fd); diff --git a/xlators/nfs/server/src/nfs3.h b/xlators/nfs/server/src/nfs3.h index 1ec5a20a8..bb5fbb750 100644 --- a/xlators/nfs/server/src/nfs3.h +++ b/xlators/nfs/server/src/nfs3.h @@ -148,6 +148,7 @@ struct nfs3_local { xlator_t *vol; nfs3_resume_fn_t resume_fn; xlator_t *nfsx; + struct nfs3_state *nfs3state; /* The list hook to attach this call state to the inode's queue till * the opening of the fd on the inode completes. |