Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a995e9eb authored by Trond Myklebust's avatar Trond Myklebust
Browse files

NLM: Fix double free in __nlm_async_call 



rpc_call_async() will always call rpc_release_calldata(), so it is an
error for __nlm_async_call() to do so as well.

Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent ce35a81a

fs/lockd/clntproc.c

+3 −6
Original line number Diff line number Diff line
@@ -361,7 +361,6 @@ static int __nlm_async_call(struct nlm_rqst *req, u32 proc, struct rpc_message * 
{

	struct nlm_host	*host = req->a_host;

	struct rpc_clnt	*clnt;

	int status = -ENOLCK;



	dprintk("lockd: call procedure %d on %s (async)\n",

			(int)proc, host->h_name);
@@ -373,12 +372,10 @@ static int __nlm_async_call(struct nlm_rqst *req, u32 proc, struct rpc_message * 
	msg->rpc_proc = &clnt->cl_procinfo[proc];



        /* bootstrap and kick off the async RPC call */

        status = rpc_call_async(clnt, msg, RPC_TASK_ASYNC, tk_ops, req);

	if (status == 0)

		return 0;

        return rpc_call_async(clnt, msg, RPC_TASK_ASYNC, tk_ops, req);

out_err:

	nlm_release_call(req);

	return status;

	tk_ops->rpc_release(req);

	return -ENOLCK;

}



int nlm_async_call(struct nlm_rqst *req, u32 proc, const struct rpc_call_ops *tk_ops)

fs/lockd/svclock.c

+1 −3
Original line number Diff line number Diff line
@@ -593,9 +593,7 @@ nlmsvc_grant_blocked(struct nlm_block *block) 


	/* Call the client */

	kref_get(&block->b_count);

	if (nlm_async_call(block->b_call, NLMPROC_GRANTED_MSG,

						&nlmsvc_grant_ops) < 0)

		nlmsvc_release_block(block);

	nlm_async_call(block->b_call, NLMPROC_GRANTED_MSG, &nlmsvc_grant_ops);

}



/*