diff options
author | rmacklem <rmacklem@FreeBSD.org> | 2013-11-03 23:17:30 +0000 |
---|---|---|
committer | rmacklem <rmacklem@FreeBSD.org> | 2013-11-03 23:17:30 +0000 |
commit | 7493efdad548a18ee5806e1200432f17e17738e6 (patch) | |
tree | e73184db6de450da76faeed7060e08bb13645762 /sys/fs | |
parent | 83816cd1d5f9ad93a052064d409da3cf98113384 (diff) | |
download | FreeBSD-src-7493efdad548a18ee5806e1200432f17e17738e6.zip FreeBSD-src-7493efdad548a18ee5806e1200432f17e17738e6.tar.gz |
During code inspection, I spotted that there was a code path where
CLNT_CONTROL() would be called on "client" after it was
released via CLNT_RELEASE(). It was unlikely that this
code path gets executed and I have not heard of any problem
report caused by this bug. This patch fixes the code so that
this cannot happen.
MFC after: 2 months
Diffstat (limited to 'sys/fs')
-rw-r--r-- | sys/fs/nfs/nfs_commonkrpc.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/sys/fs/nfs/nfs_commonkrpc.c b/sys/fs/nfs/nfs_commonkrpc.c index 47e5a37..bdba851 100644 --- a/sys/fs/nfs/nfs_commonkrpc.c +++ b/sys/fs/nfs/nfs_commonkrpc.c @@ -336,24 +336,25 @@ newnfs_connect(struct nfsmount *nmp, struct nfssockreq *nrp, mtx_lock(&nrp->nr_mtx); if (nrp->nr_client != NULL) { + mtx_unlock(&nrp->nr_mtx); /* * Someone else already connected. */ CLNT_RELEASE(client); } else { nrp->nr_client = client; + /* + * Protocols that do not require connections may be optionally + * left unconnected for servers that reply from a port other + * than NFS_PORT. + */ + if (nmp == NULL || (nmp->nm_flag & NFSMNT_NOCONN) == 0) { + mtx_unlock(&nrp->nr_mtx); + CLNT_CONTROL(client, CLSET_CONNECT, &one); + } else + mtx_unlock(&nrp->nr_mtx); } - /* - * Protocols that do not require connections may be optionally left - * unconnected for servers that reply from a port other than NFS_PORT. - */ - if (nmp == NULL || (nmp->nm_flag & NFSMNT_NOCONN) == 0) { - mtx_unlock(&nrp->nr_mtx); - CLNT_CONTROL(client, CLSET_CONNECT, &one); - } else { - mtx_unlock(&nrp->nr_mtx); - } /* Restore current thread's credentials. */ td->td_ucred = origcred; |