During investigation of an NFSv4 client crash reported by glebius@,

jhb@ spotted that nfscl_getstateid() might modify credentials when
called from nfsrpc_read() for the case where p != NULL, whereas
nfsrpc_read() only did a crdup() to get new credentials for p == NULL.
This bug was introduced by r195510, since pre-r195510 nfscl_getstateid()
only modified credentials for the p == NULL case. This patch modifies
nfsrpc_read()/nfsrpc_write() so that they do crdup() for the p != NULL case.
It is conceivable that this bug caused the crash reported by glebius@, but
that will not be determined for some time, since the crash occurred after
about 1month of operation.

Tested by:	glebius
Reviewed by:	jhb
MFC after:	2 weeks
This commit is contained in:
Rick Macklem 2011-12-23 02:04:35 +00:00
parent 53fc6e1e4d
commit f855a3c570

View File

@ -1232,8 +1232,7 @@ nfsrpc_read(vnode_t vp, struct uio *uiop, struct ucred *cred,
newcred = cred;
if (NFSHASNFSV4(nmp)) {
nfhp = np->n_fhp;
if (p == NULL)
newcred = NFSNEWCRED(cred);
newcred = NFSNEWCRED(cred);
}
retrycnt = 0;
do {
@ -1263,7 +1262,7 @@ nfsrpc_read(vnode_t vp, struct uio *uiop, struct ucred *cred,
expireret == 0 && clidrev != 0 && retrycnt < 4));
if (error && retrycnt >= 4)
error = EIO;
if (NFSHASNFSV4(nmp) && p == NULL)
if (NFSHASNFSV4(nmp))
NFSFREECRED(newcred);
return (error);
}
@ -1384,8 +1383,7 @@ nfsrpc_write(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
clidrev = nmp->nm_clp->nfsc_clientidrev;
newcred = cred;
if (NFSHASNFSV4(nmp)) {
if (p == NULL)
newcred = NFSNEWCRED(cred);
newcred = NFSNEWCRED(cred);
nfhp = np->n_fhp;
}
retrycnt = 0;
@ -1435,7 +1433,7 @@ nfsrpc_write(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
((error == NFSERR_STALESTATEID ||
error == NFSERR_STALEDONTRECOVER) && called_from_strategy != 0)))
error = EIO;
if (NFSHASNFSV4(nmp) && p == NULL)
if (NFSHASNFSV4(nmp))
NFSFREECRED(newcred);
return (error);
}