From f0a67116809a4da6e49f05917afce94700cdf014 Mon Sep 17 00:00:00 2001
From: rmacklem <rmacklem@FreeBSD.org>
Date: Sat, 19 Nov 2011 03:20:15 +0000
Subject: The old NFS client will crash due to the reply being m_freem()'d
 twice if the server bogusly returns an error with the NFSERR_RETERR bit (bit
 31) set. No actual NFS error has this bit set, but it seems that amd will
 sometimes do this. This patch makes sure the NFSERR_RETERR bit is cleared to
 avoid a crash.

PR:		kern/153847
MFC after:	2 weeks
---
 sys/nfsclient/nfs_krpc.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'sys/nfsclient')

diff --git a/sys/nfsclient/nfs_krpc.c b/sys/nfsclient/nfs_krpc.c
index 171f7aa..c2406d9 100644
--- a/sys/nfsclient/nfs_krpc.c
+++ b/sys/nfsclient/nfs_krpc.c
@@ -540,6 +540,11 @@ tryagain:
 				    hz);
 			goto tryagain;
 		}
+		/*
+		 * Make sure NFSERR_RETERR isn't bogusly set by a server
+		 * such as amd. (No actual NFS error has bit 31 set.)
+		 */
+		error &= ~NFSERR_RETERR;
 
 		/*
 		 * If the File Handle was stale, invalidate the lookup
-- 
cgit v1.1