projects / GitHub / exynos8895 / android_kernel_samsung_universal8895.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a995e9e)
RPC: Fix double free in portmapper code
authorTrond Myklebust <Trond.Myklebust@netapp.com>
Sat, 3 Feb 2007 21:38:40 +0000 (13:38 -0800)
committerTrond Myklebust <Trond.Myklebust@netapp.com>
Sat, 3 Feb 2007 23:35:02 +0000 (15:35 -0800)
rpc_run_task is guaranteed to always call ->rpc_release.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
net/sunrpc/pmap_clnt.c patch | blob | blame | history

diff --git a/net/sunrpc/pmap_clnt.c b/net/sunrpc/pmap_clnt.c
index 3946ec3eb517a674881fc3b8d35277f2a5f3de44..76e59e9b8fb87cd79d4c8bea3ec638a1170163dd 100644 (file)
--- a/net/sunrpc/pmap_clnt.c
+++ b/net/sunrpc/pmap_clnt.c
@@ -62,7 +62,10 @@ static inline void pmap_map_free(struct portmap_args *map)
 
 static void pmap_map_release(void *data)
 {
-       pmap_map_free(data);
+       struct portmap_args *map = data;
+
+       xprt_put(map->pm_xprt);
+       pmap_map_free(map);
 }
 
 static const struct rpc_call_ops pmap_getport_ops = {
@@ -133,7 +136,7 @@ void rpc_getport(struct rpc_task *task)
        status = -EIO;
        child = rpc_run_task(pmap_clnt, RPC_TASK_ASYNC, &pmap_getport_ops, map);
        if (IS_ERR(child))
-               goto bailout;
+               goto bailout_nofree;
        rpc_put_task(child);
 
        task->tk_xprt->stat.bind_count++;
@@ -222,7 +225,6 @@ static void pmap_getport_done(struct rpc_task *child, void *data)
                        child->tk_pid, status, map->pm_port);
 
        pmap_wake_portmap_waiters(xprt, status);
-       xprt_put(xprt);
 }
 
 /**