From 4450fb18bb473aee8191d7954fe1e5a4206e5de9 Mon Sep 17 00:00:00 2001
From: xie xingguo <xie.xingguo@zte.com.cn>
Date: Sun, 12 Jun 2016 10:27:12 +0800
Subject: [PATCH] server: fix potential access violation

The mdcache->request_start() method may lose the forward race
against a slave and thus may either drop the last reference of the
passed in message or push the message into the waiting_for_finish
list for a later retry.

In either case we shall stall and exit, otherwise we'll access
violation especifally for the former case(as we drop the last
reference of "req" and it shall be destructed by now).

Signed-off-by: xie xingguo <xie.xingguo@zte.com.cn>
---
 src/mds/Server.cc | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/mds/Server.cc b/src/mds/Server.cc
index b799684d24288..5d7d240e9d65c 100644
--- a/src/mds/Server.cc
+++ b/src/mds/Server.cc
@@ -1426,15 +1426,17 @@ void Server::handle_client_request(MClientRequest *req)
 
   // register + dispatch
   MDRequestRef mdr = mdcache->request_start(req);
-  if (mdr.get()) {
-    if (session) {
-      mdr->session = session;
-      session->requests.push_back(&mdr->item_session_request);
-    }
-    if (has_completed)
-      mdr->has_completed = true;
+  if (!mdr.get())
+    return;
+
+  if (session) {
+    mdr->session = session;
+    session->requests.push_back(&mdr->item_session_request);
   }
 
+  if (has_completed)
+    mdr->has_completed = true;
+
   // process embedded cap releases?
   //  (only if NOT replay!)
   if (!req->releases.empty() && req->get_source().is_client() && !req->is_replay()) {
@@ -1446,8 +1448,7 @@ void Server::handle_client_request(MClientRequest *req)
     req->releases.clear();
   }
 
-  if (mdr.get())
-    dispatch_client_request(mdr);
+  dispatch_client_request(mdr);
   return;
 }
 
-- 
2.39.5