Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 10 Apr 2017 22:47:19 +0000 (UTC)
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r316694 - head/sys/rpc
Message-ID:  <201704102247.v3AMlJaw087476@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: rmacklem
Date: Mon Apr 10 22:47:18 2017
New Revision: 316694
URL: https://svnweb.freebsd.org/changeset/base/316694

Log:
  Fix a crash during unmount of an NFSv4.1 mount.
  
  Larry Rosenman reported a crash on freebsd-current@ which was caused by
  a premature release of the krpc backchannel socket structure.
  I believe this was caused by a race between the SVC_RELEASE() in clnt_vc.c
  and the xprt_unregister() in the higher layer (clnt_rc.c), which tried
  to lock the mutex in the xprt structure and crashed.
  This patch fixes this by removing the xprt_unregister() in the clnt_vc
  layer and allowing this to always be done by the clnt_rc (higher reconnect
  layer).
  
  Reported by:	ler@lerctr.org
  Tested by:	ler@letctr.org
  MFC after:	2 weeks

Modified:
  head/sys/rpc/clnt_rc.c
  head/sys/rpc/clnt_vc.c

Modified: head/sys/rpc/clnt_rc.c
==============================================================================
--- head/sys/rpc/clnt_rc.c	Mon Apr 10 22:46:34 2017	(r316693)
+++ head/sys/rpc/clnt_rc.c	Mon Apr 10 22:47:18 2017	(r316694)
@@ -450,7 +450,6 @@ clnt_reconnect_control(CLIENT *cl, u_int
 
 	case CLSET_BACKCHANNEL:
 		xprt = (SVCXPRT *)info;
-		SVC_ACQUIRE(xprt);
 		xprt_register(xprt);
 		rc->rc_backchannel = info;
 		break;

Modified: head/sys/rpc/clnt_vc.c
==============================================================================
--- head/sys/rpc/clnt_vc.c	Mon Apr 10 22:46:34 2017	(r316693)
+++ head/sys/rpc/clnt_vc.c	Mon Apr 10 22:47:18 2017	(r316694)
@@ -790,7 +790,7 @@ clnt_vc_destroy(CLIENT *cl)
 		sx_xlock(&xprt->xp_lock);
 		mtx_lock(&ct->ct_lock);
 		xprt->xp_p2 = NULL;
-		xprt_unregister(xprt);
+		sx_xunlock(&xprt->xp_lock);
 	}
 
 	if (ct->ct_socket) {
@@ -800,10 +800,6 @@ clnt_vc_destroy(CLIENT *cl)
 	}
 
 	mtx_unlock(&ct->ct_lock);
-	if (xprt != NULL) {
-		sx_xunlock(&xprt->xp_lock);
-		SVC_RELEASE(xprt);
-	}
 
 	mtx_destroy(&ct->ct_lock);
 	if (so) {



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201704102247.v3AMlJaw087476>