| From stable-bounces@linux.kernel.org Mon Feb 5 12:34:58 2007 |
| From: Trond Myklebust <Trond.Myklebust@netapp.com> |
| Date: Mon, 05 Feb 2007 12:33:22 -0800 |
| Subject: RPM: fix double free in portmapper code |
| To: stable@kernel.org |
| Cc: neilb@suse.de, kas@fi.muni.cz, akpm@linux-foundation.org, Trond.Myklebust@netapp.com |
| Message-ID: <200702052033.l15KXMIU030346@shell0.pdx.osdl.net> |
| |
| |
| From: Trond Myklebust <Trond.Myklebust@netapp.com> |
| |
| rpc_run_task is guaranteed to always call ->rpc_release. |
| |
| Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> |
| Cc: Neil Brown <neilb@suse.de> |
| Cc: Jan "Yenya" Kasprzak <kas@fi.muni.cz> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| |
| --- |
| net/sunrpc/pmap_clnt.c | 8 +++++--- |
| 1 file changed, 5 insertions(+), 3 deletions(-) |
| |
| --- linux-2.6.20.1.orig/net/sunrpc/pmap_clnt.c |
| +++ linux-2.6.20.1/net/sunrpc/pmap_clnt.c |
| @@ -62,7 +62,10 @@ static inline void pmap_map_free(struct |
| |
| static void pmap_map_release(void *data) |
| { |
| - pmap_map_free(data); |
| + struct portmap_args *map = data; |
| + |
| + xprt_put(map->pm_xprt); |
| + pmap_map_free(map); |
| } |
| |
| static const struct rpc_call_ops pmap_getport_ops = { |
| @@ -133,7 +136,7 @@ void rpc_getport(struct rpc_task *task) |
| status = -EIO; |
| child = rpc_run_task(pmap_clnt, RPC_TASK_ASYNC, &pmap_getport_ops, map); |
| if (IS_ERR(child)) |
| - goto bailout; |
| + goto bailout_nofree; |
| rpc_put_task(child); |
| |
| task->tk_xprt->stat.bind_count++; |
| @@ -222,7 +225,6 @@ static void pmap_getport_done(struct rpc |
| child->tk_pid, status, map->pm_port); |
| |
| pmap_wake_portmap_waiters(xprt, status); |
| - xprt_put(xprt); |
| } |
| |
| /** |
