Author: rmacklem
Date: Wed Nov 18 23:04:01 2015
New Revision: 291035
URL: https://svnweb.freebsd.org/changeset/base/291035

Log:
  The problem report was for a crash that happened when smbfs was
  trying to do a mount. Given the backtrace,
  it appears that the crash occurred when smb_vc_create() failed and then
  called smb_vc_put() with vcp->vc_iod == NULL. smb_vc_put() subsequently
  called smb_vc_disconnect() with vcp->vc_iod == NULL, causing the crash.
  This patch adds a check for vcp->vc_iod != NULL in smb_vc_disconnect() to
  avoid the crash. It also fixes the case in smb_vc_create() where
  kproc_create() fails so that it destroys the mutexes and sets
  vcp->vc_iod == NULL before free()'ing the iod structure.
  The person who reported the PR tested the patch, but was not able
  to reproduce the crash with or without the patch.
  
  PR:           201912
  Reviewed by:  jhb
  MFC after:    2 weeks

Modified:
  head/sys/netsmb/smb_conn.c
  head/sys/netsmb/smb_iod.c

Modified: head/sys/netsmb/smb_conn.c
==============================================================================
--- head/sys/netsmb/smb_conn.c  Wed Nov 18 22:20:49 2015        (r291034)
+++ head/sys/netsmb/smb_conn.c  Wed Nov 18 23:04:01 2015        (r291035)
@@ -683,7 +683,9 @@ int
 smb_vc_disconnect(struct smb_vc *vcp)
 {
 
-       smb_iod_request(vcp->vc_iod, SMBIOD_EV_DISCONNECT | SMBIOD_EV_SYNC, 
NULL);
+       if (vcp->vc_iod != NULL)
+               smb_iod_request(vcp->vc_iod, SMBIOD_EV_DISCONNECT |
+                   SMBIOD_EV_SYNC, NULL);
        return 0;
 }
 
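Review bot: the new `if (vcp->vc_iod != NULL)` guard in smb_vc_disconnect() carries no comment saying when vc_iod can be NULL. Per the log, that is the path where smb_vc_create() fails and smb_vc_put() runs on a partially constructed vcp; a one-line comment to that effect would keep a later cleanup from dropping the check. The function also still returns 0 and discards the result of smb_iod_request(), so a caller cannot tell a skipped disconnect from a completed one; worth confirming that this is intended.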

Modified: head/sys/netsmb/smb_iod.c
==============================================================================
--- head/sys/netsmb/smb_iod.c   Wed Nov 18 22:20:49 2015        (r291034)
+++ head/sys/netsmb/smb_iod.c   Wed Nov 18 23:04:01 2015        (r291035)
@@ -690,6 +690,9 @@ smb_iod_create(struct smb_vc *vcp)
            RFNOWAIT, 0, "smbiod%d", iod->iod_id);
        if (error) {
                SMBERROR("can't start smbiod: %d", error);
+               vcp->vc_iod = NULL;
+               smb_sl_destroy(&iod->iod_rqlock);
+               smb_sl_destroy(&iod->iod_evlock);
                free(iod, M_SMBIOD);
                return error;
        }
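Review bot: in the kproc_create() error branch of smb_iod_create(), `vcp->vc_iod = NULL;` is what makes the NULL guard in smb_vc_disconnect() effective, but nothing in the code says so. Add a short comment tying the two together so the assignment is not later treated as redundant before the free(). Also confirm that iod_rqlock and iod_evlock are the only resources initialised on iod before kproc_create(), since anything else set up earlier would still be leaked on this path.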