[AF_RXRPC]: Make the in-kernel AFS filesystem use AF_RXRPC.
Dan Carpenter
dan.carpenter at oracle.com
Fri Jul 19 05:20:15 EDT 2013
Hi David,
The patch 08e0e7c82eea: "[AF_RXRPC]: Make the in-kernel AFS
filesystem use AF_RXRPC." from Apr 26, 2007, leads to the following
static checker warning:
"fs/afs/cmservice.c:155 SRXAFSCB_CallBack()
warn: 'call' was already freed."
fs/afs/cmservice.c
   142  static void SRXAFSCB_CallBack(struct work_struct *work)
   143  {
   144          struct afs_call *call = container_of(work, struct afs_call, work);
   145
   146          _enter("");
   147
   148          /* be sure to send the reply *before* attempting to spam the AFS server
   149           * with FSFetchStatus requests on the vnodes with broken callbacks lest
   150           * the AFS server get into a vicious cycle of trying to break further
   151           * callbacks because it hadn't received completion of the CBCallBack op
   152           * yet */
   153          afs_send_empty_reply(call);
   154
   155          afs_break_callbacks(call->server, call->count, call->request);
   156          _leave("");
The problem is that afs_send_empty_reply() will free "call" if it
encounters any error. It would be simple enough to make
afs_send_empty_reply() return an error code on error and add a test to
prevent this, but I'm not actually sure it's the right thing to free
"call" there... Probably that leads to a double free somewhere.
regards,
dan carpenter
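
The pattern described in the message above, as an added user-space C example that is not part of the original post or the kernel source: a send routine that frees its call on error returns an error code, and the caller checks it before touching the call again. All names are hypothetical stand-ins, and freeing the call in the handler on success is an assumption of this model.

```c
/* User-space model only; names are hypothetical, not the AFS code. */
#include <errno.h>
#include <stdlib.h>

struct call { int server; unsigned count; };

static int calls_freed;       /* number of calls released so far */
static int callbacks_broken;  /* amount of follow-up work performed */

static void call_free(struct call *c) { free(c); calls_freed++; }

/* Models a send routine that consumes the call on failure. Instead of
 * returning void, it reports the failure so the caller knows that the
 * pointer is no longer valid. */
static int send_empty_reply(struct call *c, int simulate_error)
{
    if (simulate_error) {
        call_free(c);         /* ownership ends here on the error path */
        return -ENOMEM;
    }
    return 0;
}

static void break_callbacks(int server, unsigned count)
{
    (void)server;
    callbacks_broken += (int)count;
}

/* Work handler: reads the call after the send only when the send
 * reported success, so a freed object is never dereferenced. */
static int handle_callback(int server, unsigned count, int simulate_error)
{
    struct call *c = malloc(sizeof(*c));
    int ret;

    if (!c)
        return -ENOMEM;
    c->server = server;
    c->count = count;

    ret = send_empty_reply(c, simulate_error);
    if (ret < 0)
        return ret;           /* c was freed: do not read c->server */

    break_callbacks(c->server, c->count);
    call_free(c);             /* assumption: handler owns c on success */
    return 0;
}
```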