Date: Wed, 26 Apr 2017 22:40:08 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r317473 - stable/10/sys/rpc Message-ID: <201704262240.v3QMe81k009414@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rmacklem Date: Wed Apr 26 22:40:08 2017 New Revision: 317473 URL: https://svnweb.freebsd.org/changeset/base/317473 Log: MFC: r316694 Fix a crash during unmount of an NFSv4.1 mount. Larry Rosenman reported a crash on freebsd-current@ which was caused by a premature release of the krpc backchannel socket structure. I believe this was caused by a race between the SVC_RELEASE() in clnt_vc.c and the xprt_unregister() in the higher layer (clnt_rc.c), which tried to lock the mutex in the xprt structure and crashed. This patch fixes this by removing the xprt_unregister() in the clnt_vc layer and allowing this to always be done by the clnt_rc (higher reconnect layer). Modified: stable/10/sys/rpc/clnt_rc.c stable/10/sys/rpc/clnt_vc.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/rpc/clnt_rc.c ============================================================================== --- stable/10/sys/rpc/clnt_rc.c Wed Apr 26 22:33:09 2017 (r317472) +++ stable/10/sys/rpc/clnt_rc.c Wed Apr 26 22:40:08 2017 (r317473) @@ -450,7 +450,6 @@ clnt_reconnect_control(CLIENT *cl, u_int case CLSET_BACKCHANNEL: xprt = (SVCXPRT *)info; - SVC_ACQUIRE(xprt); xprt_register(xprt); rc->rc_backchannel = info; break; Modified: stable/10/sys/rpc/clnt_vc.c ============================================================================== --- stable/10/sys/rpc/clnt_vc.c Wed Apr 26 22:33:09 2017 (r317472) +++ stable/10/sys/rpc/clnt_vc.c Wed Apr 26 22:40:08 2017 (r317473) @@ -790,7 +790,7 @@ clnt_vc_destroy(CLIENT *cl) sx_xlock(&xprt->xp_lock); mtx_lock(&ct->ct_lock); xprt->xp_p2 = NULL; - xprt_unregister(xprt); + sx_xunlock(&xprt->xp_lock); } if (ct->ct_socket) { @@ -800,10 +800,6 @@ clnt_vc_destroy(CLIENT *cl) } mtx_unlock(&ct->ct_lock); - if (xprt != NULL) { - sx_xunlock(&xprt->xp_lock); - SVC_RELEASE(xprt); - } mtx_destroy(&ct->ct_lock); if (so) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201704262240.v3QMe81k009414>