afs: Fix vlserver record corruption

Because I made the afs_call struct share pointers to an afs_server object
and an afs_vlserver object to save space, afs_put_call() calls
afs_put_server() on afs_vlserver object (which is only meant for the
afs_server object) because it sees that call->server isn't NULL.

This means that the afs_vlserver object gets unpredictably and randomly
modified, depending on what config options are set (such as lockdep).

Fix this by getting rid of the union and having two non-overlapping
pointers in the afs_call struct.

Fixes: ffba718e9354 ("afs: Get rid of afs_call::reply[]")
Signed-off-by: David Howells <dhowells@redhat.com>

diff --git a/fs/afs/internal.h b/fs/afs/internal.h
index 2073c1a3ab4b658606c42b52a153d057de72cd1c..c9495c8dea93646eef7dfc06c8a737c8c5ac67db 100644 (file)
--- a/fs/afs/internal.h
+++ b/fs/afs/internal.h
@@ -113,10 +113,8 @@ struct afs_call {
        struct rxrpc_call       *rxcall;        /* RxRPC call handle */
        struct key              *key;           /* security for this call */
        struct afs_net          *net;           /* The network namespace */
-       union {
-               struct afs_server       *server;
-               struct afs_vlserver     *vlserver;
-       };
+       struct afs_server       *server;        /* The fileserver record if fs op (pins ref) */
+       struct afs_vlserver     *vlserver;      /* The vlserver record if vl op */
        struct afs_cb_interest  *cbi;           /* Callback interest for server used */
        struct afs_vnode        *lvnode;        /* vnode being locked */
        void                    *request;       /* request data (first part) */