Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0d3a34b4 authored by Trond Myklebust's avatar Trond Myklebust
Browse files

SUNRPC: Fix a double-free in rpcbind 



It is wrong to be freeing up the rpcbind arguments if the call to
rpcb_call_async() fails, since they should already have been freed up by
rpcb_map_release().

Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 2aac05a9

net/sunrpc/rpcb_clnt.c

+2 −4
Original line number Diff line number Diff line
@@ -365,18 +365,16 @@ void rpcb_getport_async(struct rpc_task *task) 
	rpc_release_client(rpcb_clnt);

	if (IS_ERR(child)) {

		status = -EIO;

		/* rpcb_map_release() has freed the arguments */

		dprintk("RPC: %5u %s: rpc_run_task failed\n",

			task->tk_pid, __func__);

		goto bailout;

		goto bailout_nofree;

	}

	rpc_put_task(child);



	task->tk_xprt->stat.bind_count++;

	return;



bailout:

	kfree(map);

	xprt_put(xprt);

bailout_nofree:

	rpcb_wake_rpcbind_waiters(xprt, status);

bailout_nowake: