Author: kib
Date: Sat Jun 18 20:22:53 2016
New Revision: 302013
URL: https://svnweb.freebsd.org/changeset/base/302013
Log:
After the vnode unlock, mount point might be destroyed immediately,
dropping the reference on mnt_cred. Prevent this by referencing the
temporal credentials before unlock.
Tested by: pho
Reviewed by: dfr
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Approved by: re (gjb)
Modified:
head/sys/nlm/nlm_advlock.c
Modified: head/sys/nlm/nlm_advlock.c
==============================================================================
--- head/sys/nlm/nlm_advlock.c Sat Jun 18 20:20:00 2016 (r302012)
+++ head/sys/nlm/nlm_advlock.c Sat Jun 18 20:22:53 2016 (r302013)
@@ -210,7 +210,7 @@ nlm_advlock_internal(struct vnode *vp, v
struct rpc_callextra ext;
struct nlm_feedback_arg nf;
AUTH *auth;
- struct ucred *cred;
+ struct ucred *cred, *cred1;
struct nlm_file_svid *ns;
int svid;
int error;
@@ -240,15 +240,17 @@ nlm_advlock_internal(struct vnode *vp, v
else
retries = INT_MAX;
- if (unlock_vp)
- VOP_UNLOCK(vp, 0);
-
/*
* We need to switch to mount-point creds so that we can send
- * packets from a privileged port.
+ * packets from a privileged port. Reference mnt_cred and
+ * switch to them before unlocking the vnode, since mount
+ * point could be unmounted right after unlock.
*/
cred = td->td_ucred;
td->td_ucred = vp->v_mount->mnt_cred;
+ crhold(td->td_ucred);
+ if (unlock_vp)
+ VOP_UNLOCK(vp, 0);
host = nlm_find_host_by_name(servername, sa, vers);
auth = authunix_create(cred);
@@ -373,7 +375,9 @@ nlm_advlock_internal(struct vnode *vp, v
if (ns)
nlm_free_svid(ns);
+ cred1 = td->td_ucred;
td->td_ucred = cred;
+ crfree(cred1);
AUTH_DESTROY(auth);
nlm_host_release(host);
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
