From 80b93ff342561576dafd3bde303a43cda7494f9f Mon Sep 17 00:00:00 2001
From: Rick Macklem <rmacklem@FreeBSD.org>
Date: Sat, 19 Nov 2011 03:20:15 +0000
Subject: [PATCH] The old NFS client will crash due to the reply being
 m_freem()'d twice if the server bogusly returns an error with the
 NFSERR_RETERR bit (bit 31) set. No actual NFS error has this bit set, but it
 seems that amd will sometimes do this. This patch makes sure the
 NFSERR_RETERR bit is cleared to avoid a crash.

PR:		kern/153847
MFC after:	2 weeks
---
 sys/nfsclient/nfs_krpc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sys/nfsclient/nfs_krpc.c b/sys/nfsclient/nfs_krpc.c
index 171f7aab0c81..c2406d96574b 100644
--- a/sys/nfsclient/nfs_krpc.c
+++ b/sys/nfsclient/nfs_krpc.c
@@ -540,6 +540,11 @@ nfs_request(struct vnode *vp, struct mbuf *mreq, int procnum,
 				    hz);
 			goto tryagain;
 		}
+		/*
+		 * Make sure NFSERR_RETERR isn't bogusly set by a server
+		 * such as amd. (No actual NFS error has bit 31 set.)
+		 */
+		error &= ~NFSERR_RETERR;
 
 		/*
 		 * If the File Handle was stale, invalidate the lookup