diff options
author | Greg Banks <gnb@sgi.com> | 2009-04-01 07:28:15 +1100 |
---|---|---|
committer | J. Bruce Fields <bfields@citi.umich.edu> | 2009-05-27 14:14:02 -0400 |
commit | cf0a586cf41a1779edeee7562afb5d0ab46c7cf4 (patch) | |
tree | 3ede97c75e5adf69b19c397209dd60904ee26f4e /fs | |
parent | fca4217c5bab31019b5247e977673c9fcc385f6b (diff) | |
download | linux-next-cf0a586cf41a1779edeee7562afb5d0ab46c7cf4.tar.gz |
knfsd: fix reply cache memory corruption
Fix a regression in the reply cache introduced when the code was
converted to use proper Linux lists. When a new entry needs to be
inserted, the case where all the entries are currently being used
by threads is not correctly detected. This can result in memory
corruption and a crash. In the current code this is an extremely
unlikely corner case; it would require the machine to have 1024
nfsd threads and all of them to be busy at the same time. However,
upcoming reply cache changes make this more likely; a crash due to
this problem was actually observed in field.
Signed-off-by: Greg Banks <gnb@sgi.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/nfsd/nfscache.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c index 6f0aa4989c61..4638635c5d87 100644 --- a/fs/nfsd/nfscache.c +++ b/fs/nfsd/nfscache.c @@ -174,8 +174,8 @@ nfsd_cache_lookup(struct svc_rqst *rqstp, int type) } } - /* This should not happen */ - if (rp == NULL) { + /* All entries on the LRU are in-progress. This should not happen */ + if (&rp->c_lru == &lru_head) { static int complaints; printk(KERN_WARNING "nfsd: all repcache entries locked!\n"); |