From: Eric Van Hensbergen <ericvh@gmail.com>
Fix for problem reported by DEac- in which a recursive traversal through a
single threaded server times out and then crashes the system when the
single threaded server unblocks and sends the packet that was timed out.
Problem was caused by a pointer which needed to be initialized every time
through the event loop in recv proc, but was previously only intialized
prior to entering the loop.
Signed-off-by: Eric Van Hensbergen <ericvh@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---
fs/9p/mux.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff -puN fs/9p/mux.c~v9fs-transport-modules-fix-timeout-segfault-corner-case fs/9p/mux.c
--- devel/fs/9p/mux.c~v9fs-transport-modules-fix-timeout-segfault-corner-case 2005-07-14 16:23:38.000000000 -0700
+++ devel-akpm/fs/9p/mux.c 2005-07-14 16:23:38.000000000 -0700
@@ -175,7 +175,7 @@ static int v9fs_recv(struct v9fs_session
spin_unlock(&v9ses->muxlock);
}
if (ret == 0) { /* timeout */
- dprintk(DEBUG_MUX, "Connection timeout after %u (%u)\n",
+ dprintk(DEBUG_ERROR, "Connection timeout after %u (%u)\n",
v9ses->timeout,
(unsigned int)msecs_to_jiffies(v9ses->timeout));
v9ses->session_hung = 1;
@@ -344,26 +344,26 @@ static int v9fs_recvproc(void *data)
struct v9fs_fcall *rcall = NULL;
struct list_head *rptr;
struct list_head *rrptr;
- struct v9fs_rpcreq *req = NULL;
+ struct v9fs_rpcreq *req;
int err = 0;
allow_signal(SIGKILL);
set_current_state(TASK_INTERRUPTIBLE);
complete(&v9ses->proccmpl);
while (!kthread_should_stop() && err >= 0) {
+ req = NULL;
+
rcall = kmalloc(v9ses->maxdata + V9FS_IOHDRSZ, GFP_KERNEL);
if(!rcall) {
eprintk(KERN_ERR, "no memory for buffers\n");
break;
}
- dprintk(DEBUG_MUX, "waiting for message\n");
err = read_message(v9ses, rcall, v9ses->maxdata + V9FS_IOHDRSZ);
if (err < 0) {
kfree(rcall);
break;
}
-
spin_lock(&v9ses->muxlock);
list_for_each_safe(rptr, rrptr, &v9ses->mux_fcalls) {
struct v9fs_rpcreq *rreq =
_