krpc: Acquire ref count of CLIENT for backchannel use

Description

krpc: Acquire ref count of CLIENT for backchannel use

Michael Dexter <editor@callfortesting.org> reported
a crash in FreeNAS, where the first argument to
clnt_bck_svccall() was no longer valid.
This argument is a pointer to the callback CLIENT
structure, which is free'd when the associated
NFSv4 ClientID is free'd.

This appears to have occurred because a callback
reply was still in the socket receive queue when
the CLIENT structure was free'd.

This patch acquires a reference count on the CLIENT
that is not CLNT_RELEASE()'d until the socket structure
is destroyed. This should guarantee that the CLIENT
structure is still valid when clnt_bck_svccall() is called.
It also adds a check for closed or closing to
clnt_bck_svccall() so that it will not process the callback
RPC reply message after the ClientID is free'd.

(cherry picked from commit e1a907a25cfa422c0d1acaf9f91352ada04f4bca)
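
The lifetime rule described in the commit message above, as an added example that is not FreeBSD's krpc code: a single-threaded user-space C model in which the socket holds its own reference to the client until the socket is destroyed, and the receive path checks a closed flag before processing a reply. All struct and function names are hypothetical, and the locking a kernel implementation needs is left out.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Single-threaded user-space model; every name below is hypothetical. */
struct client {
    int  refs;    /* reference count */
    bool closed;  /* set when the owning ClientID is torn down */
};
struct sock {
    struct client *bck;  /* backchannel client; the socket holds one ref */
    int queued;          /* replies still sitting in the receive queue */
};
static int clients_freed;  /* makes the final release observable */
static struct client *client_create(void) {
    struct client *c = calloc(1, sizeof(*c));
    if (c != NULL) c->refs = 1;  /* the ClientID's own reference */
    return c;
}
static void client_release(struct client *c) {
    if (--c->refs == 0) { free(c); clients_freed++; }
}
/* The socket takes its own reference and keeps it until sock_destroy(). */
static void sock_attach(struct sock *s, struct client *c) {
    c->refs++;
    s->bck = c;
}
/* ClientID teardown: mark closed first, then drop the owner's reference. */
static void clientid_free(struct client *c) {
    c->closed = true;
    client_release(c);
}
/* Receive path: a reply for a closed client is consumed, not processed. */
static bool sock_deliver_reply(struct sock *s) {
    if (s->queued == 0) return false;
    s->queued--;
    return !s->bck->closed;  /* s->bck is valid: the socket pins it */
}
static void sock_destroy(struct sock *s) {
    client_release(s->bck);  /* last reference: the client is freed here */
}
int main(void) {
    struct sock s = { NULL, 1 };            /* one reply already queued */
    struct client *c = client_create();
    if (c == NULL) return 1;
    sock_attach(&s, c);
    clientid_free(c);                       /* refs 2 -> 1, c still valid */
    bool handled = sock_deliver_reply(&s);  /* dropped, no stale access */
    sock_destroy(&s);
    return (handled || clients_freed != 1) ? 1 : 0;
}
```

Without the reference taken in `sock_attach()`, `clientid_free()` would free the client while a reply is still queued, which is the stale-pointer condition the commit message describes.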

Details

Provenance
rmacklem authored on Jun 11 2021, 11:57 PM
Parents
rG88878ea4e410: nfscl: Fix generation of va_fsid for a tree of NFSv4 server file systems