Index: fs/nfs/nfsrvstate.h
===================================================================
--- fs/nfs/nfsrvstate.h
+++ fs/nfs/nfsrvstate.h
@@ -81,6 +81,7 @@
 */
 struct nfsclient {
 LIST_ENTRY(nfsclient) lc_hash; /* Clientid hash list */
+ struct nfsstatehead *lc_stateid; /* Stateid hash */
 struct nfsstatehead lc_open; /* Open owner list */
 struct nfsstatehead lc_deleg; /* Delegations */
 struct nfsstatehead lc_olddeleg; /* and old delegations */
@@ -98,12 +99,11 @@
 gid_t lc_gid;
 u_int16_t lc_idlen; /* Client ID and len */
 u_int16_t lc_namelen; /* plus GSS principal and len */
- u_char *lc_id;
 u_char *lc_name;
 struct nfssockreq lc_req; /* Callback info */
 u_int32_t lc_flags; /* LCL_ flag bits */
 u_char lc_verf[NFSX_VERF]; /* client verifier */
- struct nfsstatehead lc_stateid[0]; /* stateid hash, malloc'd to size */
+ u_char lc_id[1]; /* Malloc'd correct size */
 };
 
 #define CLOPS_CONFIRM 0x0001
Index: fs/nfsserver/nfs_nfsdserv.c
===================================================================
--- fs/nfsserver/nfs_nfsdserv.c
+++ fs/nfsserver/nfs_nfsdserv.c
@@ -3469,9 +3469,10 @@
 idlen = i;
 if (nd->nd_flag & ND_GSS)
 i += nd->nd_princlen;
- clp = malloc(sizeof(struct nfsclient) + sizeof(struct nfsstatehead) * nfsrv_statehashsize + i + 1, M_NFSDCLIENT, M_WAITOK | M_ZERO);
- clp->lc_id = (u_char *)&clp->lc_stateid[nfsrv_statehashsize];
+ clp = malloc(sizeof(struct nfsclient) + i, M_NFSDCLIENT, M_WAITOK | M_ZERO);
+ clp->lc_stateid = malloc(sizeof(struct nfsstatehead) * nfsrv_statehashsize, M_NFSDCLIENT, M_WAITOK);
 NFSINITSOCKMUTEX(&clp->lc_req.nr_mtx);
 NFSSOCKADDRALLOC(clp->lc_req.nr_nam);
 NFSSOCKADDRSIZE(clp->lc_req.nr_nam, sizeof (struct sockaddr_in));
@@ -3531,7 +3532,8 @@
 if (clp) {
 NFSSOCKADDRFREE(clp->lc_req.nr_nam);
 NFSFREEMUTEX(&clp->lc_req.nr_mtx);
- free((caddr_t)clp, M_NFSDCLIENT);
+ free(clp->lc_stateid, M_NFSDCLIENT);
+ free(clp, M_NFSDCLIENT);
 }
 if (!nd->nd_repstat) {
 NFSM_BUILD(tl, u_int32_t *, 2 * NFSX_HYPER);
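Review bot: The comment on the new `lc_stateid` field says only `/* Stateid hash */`, but the field now carries ownership that the old in-line `lc_stateid[0]` array did not: it is a separately malloc'd array of `nfsrv_statehashsize` list heads that has to be freed together with the client. Suggest `/* Stateid hash, separately malloc'd (nfsrv_statehashsize entries); freed with the client */` so that anyone adding a new teardown path knows a struct nfsclient is now two allocations. The struct definition continues past the end of this hunk.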
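Review bot: `u_char lc_id[1]; /* Malloc'd correct size */` uses the one-element-array idiom, and the allocation sites in nfs_nfsdserv.c size the object as `sizeof(struct nfsclient) + i`, so the extra terminating byte now comes from the `[1]` (plus whatever trailing padding the compiler adds) rather than from the explicit `+ 1` the old code had. If this tree already uses C99 flexible array members, `u_char lc_id[];` with `sizeof(struct nfsclient) + i + 1` at the allocation sites states that intent directly and does not depend on padding. Either way "correct size" should be spelled out, e.g. `/* Client ID, lc_idlen bytes, allocated past the end of the struct; presumably followed by the GSS principal that lc_name points at */` — the second half is hedged because where lc_name points is not visible in this diff. The struct definition starts before this hunk.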
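Review bot: The `lc_stateid` array is now allocated with `M_WAITOK` but without `M_ZERO`, whereas the old single allocation zeroed the hash heads together with the rest of the client; unless every bucket is initialised with LIST_INIT() below this hunk (outside the visible lines), the heads contain indeterminate pointers when the first stateid is hashed into them. If no such loop exists, the allocation should be `clp->lc_stateid = malloc(sizeof(struct nfsstatehead) * nfsrv_statehashsize, M_NFSDCLIENT, M_WAITOK | M_ZERO);`; if it does, a one-line comment saying the buckets are LIST_INIT'ed below would spare the next reader the same check. The identical hunk at -3739 in this file has the same question. The enclosing function starts and ends outside the hunk.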
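Review bot: The two-call teardown `free(clp->lc_stateid, M_NFSDCLIENT); free(clp, M_NFSDCLIENT);` is now repeated at six sites (here, -3548, -3798 and -3830 in this file, and -1212 and -5725 in nfs_nfsdstate.c); a small static helper such as `nfsrv_freeclient(struct nfsclient *clp)` that frees both allocations would keep the sites consistent and make a future extra allocation in struct nfsclient hard to miss. Any release of a struct nfsclient that this diff does not touch would now leak the `lc_stateid` array, so it is worth checking the tree for remaining `free(clp, M_NFSDCLIENT)` or `free((caddr_t)clp, ...)` callers before landing. The enclosing function continues outside the hunk.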
@@ -3548,7 +3550,8 @@
 if (clp) {
 NFSSOCKADDRFREE(clp->lc_req.nr_nam);
 NFSFREEMUTEX(&clp->lc_req.nr_mtx);
- free((caddr_t)clp, M_NFSDCLIENT);
+ free(clp->lc_stateid, M_NFSDCLIENT);
+ free(clp, M_NFSDCLIENT);
 }
 NFSEXITCODE2(error, nd);
 return (error);
@@ -3739,9 +3742,10 @@
 idlen = i;
 if (nd->nd_flag & ND_GSS)
 i += nd->nd_princlen;
- clp = malloc(sizeof(struct nfsclient) + sizeof(struct nfsstatehead) * nfsrv_statehashsize + i + 1, M_NFSDCLIENT, M_WAITOK | M_ZERO);
- clp->lc_id = (u_char *)&clp->lc_stateid[nfsrv_statehashsize];
+ clp = malloc(sizeof(struct nfsclient) + i, M_NFSDCLIENT, M_WAITOK | M_ZERO);
+ clp->lc_stateid = malloc(sizeof(struct nfsstatehead) * nfsrv_statehashsize, M_NFSDCLIENT, M_WAITOK);
 NFSINITSOCKMUTEX(&clp->lc_req.nr_mtx);
 NFSSOCKADDRALLOC(clp->lc_req.nr_nam);
 NFSSOCKADDRSIZE(clp->lc_req.nr_nam, sizeof (struct sockaddr_in));
@@ -3798,6 +3802,7 @@
 if (clp != NULL) {
 NFSSOCKADDRFREE(clp->lc_req.nr_nam);
 NFSFREEMUTEX(&clp->lc_req.nr_mtx);
+ free(clp->lc_stateid, M_NFSDCLIENT);
 free(clp, M_NFSDCLIENT);
 }
 if (nd->nd_repstat == 0) {
@@ -3830,6 +3835,7 @@
 if (clp != NULL) {
 NFSSOCKADDRFREE(clp->lc_req.nr_nam);
 NFSFREEMUTEX(&clp->lc_req.nr_mtx);
+ free(clp->lc_stateid, M_NFSDCLIENT);
 free(clp, M_NFSDCLIENT);
 }
 NFSEXITCODE2(error, nd);
Index: fs/nfsserver/nfs_nfsdstate.c
===================================================================
--- fs/nfsserver/nfs_nfsdstate.c
+++ fs/nfsserver/nfs_nfsdstate.c
@@ -1212,7 +1212,8 @@
 newnfs_disconnect(&clp->lc_req);
 NFSSOCKADDRFREE(clp->lc_req.nr_nam);
 NFSFREEMUTEX(&clp->lc_req.nr_mtx);
- free((caddr_t)clp, M_NFSDCLIENT);
+ free(clp->lc_stateid, M_NFSDCLIENT);
+ free(clp, M_NFSDCLIENT);
 NFSLOCKSTATE();
 newnfsstats.srvclients--;
 nfsrv_openpluslock--;
@@ -5725,6 +5726,7 @@
 nfsrv_cleanclient(clp, p);
 nfsrv_freedeleglist(&clp->lc_deleg);
 nfsrv_freedeleglist(&clp->lc_olddeleg);
+ free(clp->lc_stateid, M_NFSDCLIENT);
 free(clp, M_NFSDCLIENT);
 }
 }