During investigation of an NFSv4 client crash reported by glebius@,

jhb@ spotted that nfscl_getstateid() might modify credentials when
called from nfsrpc_read() for the case where p != NULL, whereas
nfsrpc_read() only did a crdup() to get new credentials for p == NULL.
This bug was introduced by r195510, since pre-r195510 nfscl_getstateid()
only modified credentials for the p == NULL case. This patch modifies
nfsrpc_read()/nfsrpc_write() so that they do crdup() for the p != NULL case.
It is conceivable that this bug caused the crash reported by glebius@, but
that will not be determined for some time, since the crash occurred after
about 1 month of operation.

Tested by:	glebius
Reviewed by:	jhb
MFC after:	2 weeks
rmacklem 2011-12-23 02:04:35 +00:00
parent 0774235070
commit ff91c62e28


@ -1232,8 +1232,7 @@ nfsrpc_read(vnode_t vp, struct uio *uiop, struct ucred *cred,
newcred = cred;
if (NFSHASNFSV4(nmp)) {
nfhp = np->n_fhp;
if (p == NULL)
newcred = NFSNEWCRED(cred);
newcred = NFSNEWCRED(cred);
}
retrycnt = 0;
do {
@ -1263,7 +1262,7 @@ nfsrpc_read(vnode_t vp, struct uio *uiop, struct ucred *cred,
expireret == 0 && clidrev != 0 && retrycnt < 4));
if (error && retrycnt >= 4)
error = EIO;
if (NFSHASNFSV4(nmp) && p == NULL)
if (NFSHASNFSV4(nmp))
NFSFREECRED(newcred);
return (error);
}
@ -1384,8 +1383,7 @@ nfsrpc_write(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
clidrev = nmp->nm_clp->nfsc_clientidrev;
newcred = cred;
if (NFSHASNFSV4(nmp)) {
if (p == NULL)
newcred = NFSNEWCRED(cred);
newcred = NFSNEWCRED(cred);
nfhp = np->n_fhp;
}
retrycnt = 0;
@ -1435,7 +1433,7 @@ nfsrpc_write(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
((error == NFSERR_STALESTATEID ||
error == NFSERR_STALEDONTRECOVER) && called_from_strategy != 0)))
error = EIO;
if (NFSHASNFSV4(nmp) && p == NULL)
if (NFSHASNFSV4(nmp))
NFSFREECRED(newcred);
return (error);
}
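Review bot: The now-unconditional `newcred = NFSNEWCRED(cred);` in nfsrpc_read() has no comment saying why the copy is required, and the same holds for the matching line in nfsrpc_write(). According to the commit message, nfscl_getstateid() may modify the credential it is given even when p != NULL; that call lies outside the visible hunks, so a later reader could restore the `p == NULL` condition as an optimization and reintroduce writes to the caller's ucred, which is presumably shared with other holders. I would add above each copy: `/* nfscl_getstateid() may modify the cred, so always work on a private copy. */`. Both function bodies start and end outside the hunks shown.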