Date: Wed, 26 Apr 2017 22:04:55 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r317466 - stable/11/sys/rpc Message-ID: <201704262204.v3QM4tc9096401@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rmacklem Date: Wed Apr 26 22:04:55 2017 New Revision: 317466 URL: https://svnweb.freebsd.org/changeset/base/317466 Log: MFC: r316694 Fix a crash during unmount of an NFSv4.1 mount. Larry Rosenman reported a crash on freebsd-current@ which was caused by a premature release of the krpc backchannel socket structure. I believe this was caused by a race between the SVC_RELEASE() in clnt_vc.c and the xprt_unregister() in the higher layer (clnt_rc.c), which tried to lock the mutex in the xprt structure and crashed. This patch fixes this by removing the xprt_unregister() in the clnt_vc layer and allowing this to always be done by the clnt_rc (higher reconnect layer). Modified: stable/11/sys/rpc/clnt_rc.c stable/11/sys/rpc/clnt_vc.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/rpc/clnt_rc.c ============================================================================== --- stable/11/sys/rpc/clnt_rc.c Wed Apr 26 21:54:53 2017 (r317465) +++ stable/11/sys/rpc/clnt_rc.c Wed Apr 26 22:04:55 2017 (r317466) @@ -450,7 +450,6 @@ clnt_reconnect_control(CLIENT *cl, u_int case CLSET_BACKCHANNEL: xprt = (SVCXPRT *)info; - SVC_ACQUIRE(xprt); xprt_register(xprt); rc->rc_backchannel = info; break; Modified: stable/11/sys/rpc/clnt_vc.c ============================================================================== --- stable/11/sys/rpc/clnt_vc.c Wed Apr 26 21:54:53 2017 (r317465) +++ stable/11/sys/rpc/clnt_vc.c Wed Apr 26 22:04:55 2017 (r317466) @@ -790,7 +790,7 @@ clnt_vc_destroy(CLIENT *cl) sx_xlock(&xprt->xp_lock); mtx_lock(&ct->ct_lock); xprt->xp_p2 = NULL; - xprt_unregister(xprt); + sx_xunlock(&xprt->xp_lock); } if (ct->ct_socket) { @@ -800,10 +800,6 @@ clnt_vc_destroy(CLIENT *cl) } mtx_unlock(&ct->ct_lock); - if (xprt != NULL) { - sx_xunlock(&xprt->xp_lock); - SVC_RELEASE(xprt); - } mtx_destroy(&ct->ct_lock); if (so) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201704262204.v3QM4tc9096401>