The old NFS client will crash due to the reply being m_freem()'d

twice if the server bogusly returns an error with the NFSERR_RETERR bit (bit 31) set. No actual NFS error has this bit set, but it seems that amd will sometimes do this. This patch makes sure the NFSERR_RETERR bit is cleared to avoid a crash. PR: kern/153847 MFC after: 2 weeks
2011-11-19 03:20:15 +00:00 · 2011-11-19 03:20:15 +00:00 · 80b93ff342
commit 80b93ff342
parent 059d10c7b6
1 changed files with 5 additions and 0 deletions
--- a/sys/nfsclient/nfs_krpc.c
+++ b/sys/nfsclient/nfs_krpc.c
@ -540,6 +540,11 @@ nfs_request(struct vnode *vp, struct mbuf *mreq, int procnum,
 				    hz);
 			goto tryagain;
 		}
+		/*
+		 * Make sure NFSERR_RETERR isn't bogusly set by a server
+		 * such as amd. (No actual NFS error has bit 31 set.)
+		 */
+		error &= ~NFSERR_RETERR;

 		/*
 		 * If the File Handle was stale, invalidate the lookup