summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTrond Myklebust <Trond.Myklebust@netapp.com>2008-07-07 20:18:52 +0400
committerTrond Myklebust <Trond.Myklebust@netapp.com>2008-07-08 23:23:00 +0400
commit0d3a34b48c87a374b37d7a21a60d257d076484f3 (patch)
treeb3b95c5855e25c5693d505bf74f9c5f7eccde8dc
parent2aac05a91971fbd1bf6cbed78b8731eb7454b9b7 (diff)
downloadlinux-0d3a34b48c87a374b37d7a21a60d257d076484f3.tar.xz
SUNRPC: Fix a double-free in rpcbind
It is wrong to be freeing up the rpcbind arguments if the call to rpcb_call_async() fails, since they should already have been freed up by rpcb_map_release(). Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-rw-r--r--net/sunrpc/rpcb_clnt.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c
index 0517967a68bf..21c698d7b774 100644
--- a/net/sunrpc/rpcb_clnt.c
+++ b/net/sunrpc/rpcb_clnt.c
@@ -365,18 +365,16 @@ void rpcb_getport_async(struct rpc_task *task)
rpc_release_client(rpcb_clnt);
if (IS_ERR(child)) {
status = -EIO;
+ /* rpcb_map_release() has freed the arguments */
dprintk("RPC: %5u %s: rpc_run_task failed\n",
task->tk_pid, __func__);
- goto bailout;
+ goto bailout_nofree;
}
rpc_put_task(child);
task->tk_xprt->stat.bind_count++;
return;
-bailout:
- kfree(map);
- xprt_put(xprt);
bailout_nofree:
rpcb_wake_rpcbind_waiters(xprt, status);
bailout_nowake: