SUNRPC: Fix a double-free in rpcbind

It is wrong to be freeing up the rpcbind arguments if the call to rpcb_call_async() fails, since they should already have been freed up by rpcb_map_release(). Signed-off-by: N Trond Myklebust <Trond.Myklebust@netapp.com>

SUNRPC: Fix a double-free in rpcbind
It is wrong to be freeing up the rpcbind arguments if the call to rpcb_call_async() fails, since they should already have been freed up by rpcb_map_release(). Signed-off-by: N Trond Myklebust <Trond.Myklebust@netapp.com>
0d3a34b4 · Trond Myklebust · 2aac05a9 · 0d3a34b4
隐藏空白更改
内联并排

Showing with 2 addition and 4 deletion

net/sunrpc/rpcb_clnt.c net/sunrpc/rpcb_clnt.c +2 -4

未找到文件。
--- a/net/sunrpc/rpcb_clnt.c
+++ b/net/sunrpc/rpcb_clnt.c
@@ -365,18 +365,16 @@ void rpcb_getport_async(struct rpc_task *task)
 	rpc_release_client(rpcb_clnt);
 	if (IS_ERR(child)) {
 		status = -EIO;
+		/* rpcb_map_release() has freed the arguments */
 		dprintk("RPC: %5u %s: rpc_run_task failed\n",
 			task->tk_pid, __func__);
-		goto bailout;
+		goto bailout_nofree;
 	}
 	rpc_put_task(child);
 	task->tk_xprt->stat.bind_count++;
 	return;
-bailout:
-	kfree(map);
-	xprt_put(xprt);
 bailout_nofree:
 	rpcb_wake_rpcbind_waiters(xprt, status);
 bailout_nowake: