summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorShehjar Tikoo <shehjart@gluster.com>2010-04-12 21:57:35 +0000
committerAnand V. Avati <avati@dev.gluster.com>2010-04-13 10:01:49 -0700
commit4b754a77545fb7db030471fd4d84b8eee6008d7c (patch)
tree1e59d8e3ecda694f5947fa6049be43fb9364c9bf
parent3d125eaed2fbf71c8c6dcddd45a9fa61ef4a4448 (diff)
nfs3: Use nfs3state in call_state to avoid getting from rpc request
This change avoids having the nfs translator depend on the sanity of the rpcsvc_request_t type after NFS reply has been sent. This was a problem because the request structure is guaranteed to be invalid after the reply for the request has been submitted by the RPC program. NFS3 handler was ignoring this behaviour and accessing the private in request after reply submission resulting in access to corrupted data. Signed-off-by: Shehjar Tikoo <shehjart@gluster.com> Signed-off-by: Anand V. Avati <avati@dev.gluster.com> BUG: 757 ([NFS-Alpha] Crash in nfs3_call_state_wipe) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=757
-rw-r--r--xlators/nfs/server/src/nfs3.c3
-rw-r--r--xlators/nfs/server/src/nfs3.h1
2 files changed, 3 insertions, 1 deletions
diff --git a/xlators/nfs/server/src/nfs3.c b/xlators/nfs/server/src/nfs3.c
index 712bbcaf382..57d9f576eb1 100644
--- a/xlators/nfs/server/src/nfs3.c
+++ b/xlators/nfs/server/src/nfs3.c
@@ -181,6 +181,7 @@ nfs3_call_state_init (struct nfs3_state *s, rpcsvc_request_t *req, xlator_t *v)
cs->req = req;
cs->vol = v;
cs->nfsx = s->nfsx;
+ cs->nfs3state = s;
return cs;
}
@@ -192,7 +193,7 @@ nfs3_call_state_wipe (nfs3_call_state_t *cs)
if (!cs)
return;
- nfs3 = rpcsvc_request_program_private (cs->req);
+ nfs3 = cs->nfs3state;
if (cs->fd) {
gf_log (GF_NFS3, GF_LOG_TRACE, "fd ref: %d", cs->fd->refcount);
fd_unref (cs->fd);
diff --git a/xlators/nfs/server/src/nfs3.h b/xlators/nfs/server/src/nfs3.h
index 1ec5a20a802..bb5fbb75033 100644
--- a/xlators/nfs/server/src/nfs3.h
+++ b/xlators/nfs/server/src/nfs3.h
@@ -148,6 +148,7 @@ struct nfs3_local {
xlator_t *vol;
nfs3_resume_fn_t resume_fn;
xlator_t *nfsx;
+ struct nfs3_state *nfs3state;
/* The list hook to attach this call state to the inode's queue till
* the opening of the fd on the inode completes.