From: Eric Van Hensbergen
Fix for problem reported by DEac- in which a recursive traversal through a single threaded server times out and then crashes the system when the single threaded server unblocks and sends the packet that was timed out. Problem was caused by a pointer which needed to be initialized every time through the event loop in recv proc, but was previously only intialized prior to entering the loop.
Signed-off-by: Eric Van Hensbergen
Signed-off-by: Andrew Morton
---
fs/9p/mux.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff -puN fs/9p/mux.c~v9fs-transport-modules-fix-timeout-segfault-corner-case fs/9p/mux.c
--- 25/fs/9p/mux.c~v9fs-transport-modules-fix-timeout-segfault-corner-case 2005-06-24 23:37:21.000000000 -0700
+++ 25-akpm/fs/9p/mux.c 2005-06-24 23:37:21.000000000 -0700
@@ -175,7 +175,7 @@ static int v9fs_recv(struct v9fs_session spin_unlock(&v9ses->muxlock); } if (ret == 0) { /* timeout */ - dprintk(DEBUG_MUX, "Connection timeout after %u (%u)\n", + dprintk(DEBUG_ERROR, "Connection timeout after %u (%u)\n", v9ses->timeout, (unsigned int)msecs_to_jiffies(v9ses->timeout)); v9ses->session_hung = 1;
@@ -344,26 +344,26 @@ static int v9fs_recvproc(void *data) struct v9fs_fcall *rcall = NULL; struct list_head *rptr; struct list_head *rrptr; - struct v9fs_rpcreq *req = NULL; + struct v9fs_rpcreq *req; int err = 0; allow_signal(SIGKILL); set_current_state(TASK_INTERRUPTIBLE); complete(&v9ses->proccmpl); while (!kthread_should_stop() && err >= 0) { + req = NULL; + rcall = kmalloc(v9ses->maxdata + V9FS_IOHDRSZ, GFP_KERNEL); if(!rcall) { eprintk(KERN_ERR, "no memory for buffers\n"); break; } - dprintk(DEBUG_MUX, "waiting for message\n"); err = read_message(v9ses, rcall, v9ses->maxdata + V9FS_IOHDRSZ); if (err < 0) { kfree(rcall); break; } - spin_lock(&v9ses->muxlock); list_for_each_safe(rptr, rrptr, &v9ses->mux_fcalls) { struct v9fs_rpcreq *rreq = _