mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 12:54:27 +00:00
e1a907a25c
Michael Dexter <editor@callfortesting.org> reported a crash in FreeNAS, where the first argument to clnt_bck_svccall() was no longer valid. This argument is a pointer to the callback CLIENT structure, which is free'd when the associated NFSv4 ClientID is free'd. This appears to have occurred because a callback reply was still in the socket receive queue when the CLIENT structure was free'd. This patch acquires a reference count on the CLIENT that is not CLNT_RELEASE()'d until the socket structure is destroyed. This should guarantee that the CLIENT structure is still valid when clnt_bck_svccall() is called. It also adds a check for closed or closing to clnt_bck_svccall() so that it will not process the callback RPC reply message after the ClientID is free'd. Comments by: mav MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D30153 |
||
---|---|---|
.. | ||
rpcsec_gss | ||
rpcsec_tls | ||
auth.h | ||
auth_none.c | ||
auth_unix.c | ||
authunix_prot.c | ||
clnt.h | ||
clnt_bck.c | ||
clnt_dg.c | ||
clnt_rc.c | ||
clnt_stat.h | ||
clnt_vc.c | ||
getnetconfig.c | ||
krpc.h | ||
netconfig.h | ||
nettype.h | ||
pmap_prot.h | ||
replay.c | ||
replay.h | ||
rpc.h | ||
rpc_callmsg.c | ||
rpc_com.h | ||
rpc_generic.c | ||
rpc_msg.h | ||
rpc_prot.c | ||
rpcb_clnt.c | ||
rpcb_clnt.h | ||
rpcb_prot.c | ||
rpcb_prot.h | ||
rpcm_subs.h | ||
rpcsec_gss.h | ||
rpcsec_tls.h | ||
svc.c | ||
svc.h | ||
svc_auth.c | ||
svc_auth.h | ||
svc_auth_unix.c | ||
svc_dg.c | ||
svc_generic.c | ||
svc_vc.c | ||
types.h | ||
xdr.h |