From d88296a89fa7b699f237de7a86e30ce4995a2a4f Mon Sep 17 00:00:00 2001
From: rmacklem <rmacklem@FreeBSD.org>
Date: Wed, 17 Jun 2009 22:50:26 +0000
Subject: Since svc_[dg|vc|tli|tp]_create() did not hold a reference count on
 the SVCXPTR structure returned by them, it was possible for the structure to
 be free'd before svc_reg() had been completed using the structure. This patch
 acquires a reference count on the newly created structure that is returned by
 svc_[dg|vc|tli|tp]_create(). It also adds the appropriate SVC_RELEASE() calls
 to the callers, except the experimental nfs subsystem. The latter will be
 committed separately.

Submitted by:	dfr
Tested by:	pho
Approved by:	kib (mentor)
---
 sys/nfsserver/nfs_srvkrpc.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'sys/nfsserver')

diff --git a/sys/nfsserver/nfs_srvkrpc.c b/sys/nfsserver/nfs_srvkrpc.c
index 6fe28aa..99edac5 100644
--- a/sys/nfsserver/nfs_srvkrpc.c
+++ b/sys/nfsserver/nfs_srvkrpc.c
@@ -467,6 +467,7 @@ nfssvc_addsock(struct file *fp, struct thread *td)
 		fp->f_data = NULL;
 		svc_reg(xprt, NFS_PROG, NFS_VER2, nfssvc_program, NULL);
 		svc_reg(xprt, NFS_PROG, NFS_VER3, nfssvc_program, NULL);
+		SVC_RELEASE(xprt);
 	}
 
 	return (0);
-- 
cgit v1.1