smb: client: let recv_done() avoid touching data_transfer after cleanup/move (24eff178) · Commits · git / linux-nf

fs/smb/client/smbdirect.c

+11 −14

Original line number	Diff line number	Diff line
		@@ -479,10 +479,6 @@ static void recv_done(struct ib_cq cq, struct ib_wc wc)
		data_transfer = smbd_response_payload(response);
		data_length = le32_to_cpu(data_transfer->data_length);

		/*
		* If this is a packet with data playload place the data in
		* reassembly queue and wake up the reading thread
		*/
		if (data_length) {
		if (info->full_packet_received)
		response->first_segment = true;
		@@ -491,16 +487,7 @@ static void recv_done(struct ib_cq cq, struct ib_wc wc)
		info->full_packet_received = false;
		else
		info->full_packet_received = true;

		enqueue_reassembly(
		info,
		response,
		data_length);
		} else
		put_receive_buffer(info, response);

		if (data_length)
		wake_up_interruptible(&info->wait_reassembly_queue);
		}

		atomic_dec(&info->receive_credits);
		info->receive_credit_target =
		@@ -528,6 +515,16 @@ static void recv_done(struct ib_cq cq, struct ib_wc wc)
		info->keep_alive_requested = KEEP_ALIVE_PENDING;
		}

		/*
		* If this is a packet with data playload place the data in
		* reassembly queue and wake up the reading thread
		*/
		if (data_length) {
		enqueue_reassembly(info, response, data_length);
		wake_up_interruptible(&info->wait_reassembly_queue);
		} else
		put_receive_buffer(info, response);

		return;
		}