authorRick Macklem <rmacklem@FreeBSD.org>2015-11-18 23:04:01 +0000
committerRick Macklem <rmacklem@FreeBSD.org>2015-11-18 23:04:01 +0000
commit69527b11bb5e1bb234a29eed864896cb1a13d652 (patch)
tree30e1fd62aadf1372aba80d9358ec1dafcfe7b7ea /sys/netsmb
parente90df063889568e62342e7578c236fdce552c556 (diff)
The problem report was for a crash that happened when smbfs was
trying to do a mount. Given the backtrace, it appears that the crash occurred when smb_vc_create() failed and then called smb_vc_put() with vcp->vc_iod == NULL. smb_vc_put() subsequently called smb_vc_disconnect() with vcp->vc_iod == NULL, causing the crash. This patch adds a check for vcp->vc_iod != NULL in smb_vc_disconnect() to avoid the crash. It also fixes the case in smb_vc_create() where kproc_create() fails so that it destroys the mutexes and sets vcp->vc_iod == NULL before free()'ing the iod structure. The person who reported the PR tested the patch, but was not able to reproduce the crash with or without the patch. PR: 201912 Reviewed by: jhb MFC after: 2 weeks
Notes
Notes: svn path=/head/; revision=291035
Diffstat (limited to 'sys/netsmb')
-rw-r--r--sys/netsmb/smb_conn.c4
-rw-r--r--sys/netsmb/smb_iod.c3
2 files changed, 6 insertions, 1 deletions
diff --git a/sys/netsmb/smb_conn.c b/sys/netsmb/smb_conn.c
index d58bc722e45d..adc171c7bb02 100644
--- a/sys/netsmb/smb_conn.c
+++ b/sys/netsmb/smb_conn.c
@@ -683,7 +683,9 @@ int
smb_vc_disconnect(struct smb_vc *vcp)
{
- smb_iod_request(vcp->vc_iod, SMBIOD_EV_DISCONNECT | SMBIOD_EV_SYNC, NULL);
+ if (vcp->vc_iod != NULL)
+ smb_iod_request(vcp->vc_iod, SMBIOD_EV_DISCONNECT |
+ SMBIOD_EV_SYNC, NULL);
return 0;
}
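Review bot: The new `vcp->vc_iod != NULL` guard in smb_vc_disconnect() has no comment saying when the pointer can legitimately be NULL, so a later reader may take it for dead code. Going by the commit message, the case is a VC whose creation failed around iod setup; a comment above the `if` such as `/* vc_iod is NULL when VC creation failed before the iod thread was started. */` would record that. The guard only helps if every failure path leaves vc_iod either valid or NULL, never stale, and that depends on code outside this hunk. Other teardown code that dereferences vc_iod may need the same check.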
diff --git a/sys/netsmb/smb_iod.c b/sys/netsmb/smb_iod.c
index ae5c6f721c44..412f8161fd58 100644
--- a/sys/netsmb/smb_iod.c
+++ b/sys/netsmb/smb_iod.c
@@ -690,6 +690,9 @@ smb_iod_create(struct smb_vc *vcp)
RFNOWAIT, 0, "smbiod%d", iod->iod_id);
if (error) {
SMBERROR("can't start smbiod: %d", error);
+ vcp->vc_iod = NULL;
+ smb_sl_destroy(&iod->iod_rqlock);
+ smb_sl_destroy(&iod->iod_evlock);
free(iod, M_SMBIOD);
return error;
}
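Review bot: The `vcp->vc_iod = NULL;` added in the kproc_create() failure path deserves a comment, because it is the line that stops the VC from keeping a pointer to the iod freed a few lines later, e.g. `/* Drop the VC's back pointer first so later teardown never sees the freed iod. */`. Without that assignment the NULL guard in smb_vc_disconnect() would pass on a stale pointer, which is a use-after-free rather than a NULL dereference. smb_iod_create() begins above this hunk, so it cannot be confirmed from here that the two smb_sl_destroy() calls cover everything initialised before kproc_create(). It is worth checking that the error path mirrors the setup order.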