aboutsummaryrefslogtreecommitdiffstats
path: root/fs/lockd
diff options
context:
space:
mode:
authorTrond Myklebust <Trond.Myklebust@netapp.com>2007-02-02 18:37:43 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>2007-02-03 18:35:02 -0500
commita995e9eb3258df6ab2e9f958e08003978e50d568 (patch)
tree03caf30a4c79f5b2254ad1f15b98bfe4d3519983 /fs/lockd
parentce35a81a71f405031ed6fd0d454d3aaa55dc8ed2 (diff)
NLM: Fix double free in __nlm_async_call
rpc_call_async() will always call rpc_release_calldata(), so it is an error for __nlm_async_call() to do so as well. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'fs/lockd')
-rw-r--r--fs/lockd/clntproc.c9
-rw-r--r--fs/lockd/svclock.c4
2 files changed, 4 insertions, 9 deletions
diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c
index 0b4acc1c5e7d..a5c019e1a447 100644
--- a/fs/lockd/clntproc.c
+++ b/fs/lockd/clntproc.c
@@ -361,7 +361,6 @@ static int __nlm_async_call(struct nlm_rqst *req, u32 proc, struct rpc_message *
361{ 361{
362 struct nlm_host *host = req->a_host; 362 struct nlm_host *host = req->a_host;
363 struct rpc_clnt *clnt; 363 struct rpc_clnt *clnt;
364 int status = -ENOLCK;
365 364
366 dprintk("lockd: call procedure %d on %s (async)\n", 365 dprintk("lockd: call procedure %d on %s (async)\n",
367 (int)proc, host->h_name); 366 (int)proc, host->h_name);
@@ -373,12 +372,10 @@ static int __nlm_async_call(struct nlm_rqst *req, u32 proc, struct rpc_message *
373 msg->rpc_proc = &clnt->cl_procinfo[proc]; 372 msg->rpc_proc = &clnt->cl_procinfo[proc];
374 373
375 /* bootstrap and kick off the async RPC call */ 374 /* bootstrap and kick off the async RPC call */
376 status = rpc_call_async(clnt, msg, RPC_TASK_ASYNC, tk_ops, req); 375 return rpc_call_async(clnt, msg, RPC_TASK_ASYNC, tk_ops, req);
377 if (status == 0)
378 return 0;
379out_err: 376out_err:
380 nlm_release_call(req); 377 tk_ops->rpc_release(req);
381 return status; 378 return -ENOLCK;
382} 379}
383 380
384int nlm_async_call(struct nlm_rqst *req, u32 proc, const struct rpc_call_ops *tk_ops) 381int nlm_async_call(struct nlm_rqst *req, u32 proc, const struct rpc_call_ops *tk_ops)
diff --git a/fs/lockd/svclock.c b/fs/lockd/svclock.c
index c7db0a5bccdc..cf51f849e76c 100644
--- a/fs/lockd/svclock.c
+++ b/fs/lockd/svclock.c
@@ -593,9 +593,7 @@ callback:
593 593
594 /* Call the client */ 594 /* Call the client */
595 kref_get(&block->b_count); 595 kref_get(&block->b_count);
596 if (nlm_async_call(block->b_call, NLMPROC_GRANTED_MSG, 596 nlm_async_call(block->b_call, NLMPROC_GRANTED_MSG, &nlmsvc_grant_ops);
597 &nlmsvc_grant_ops) < 0)
598 nlmsvc_release_block(block);
599} 597}
600 598
601/* 599/*