Bug 261051 - Double unlocking in rpc_soc.c
Status: Closed FIXED
Product: Base System
Classification: Unclassified
Component: kern
Version: Unspecified
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Konstantin Belousov
Reported: 2022-01-09 04:51 UTC by RyanCai
Modified: 2022-01-15 13:05 UTC
Description RyanCai 2022-01-09 04:51:05 UTC
In method clnt_com_create, the rpcsoc_lock is released twice when the condition sport == 0 is satisfied and it goes to err where the lock rpcsoc_lock is released again.



Locations:
https://github.com/freebsd/freebsd-src/blob/373ffc62c158e52cde86a5b934ab4a51307f9f2e/lib/libc/rpc/rpc_soc.c#L119-L127

https://github.com/freebsd/freebsd-src/blob/373ffc62c158e52cde86a5b934ab4a51307f9f2e/lib/libc/rpc/rpc_soc.c#L155-L158
Comment 1 commit-hook freebsd_committer freebsd_triage 2022-01-09 05:36:20 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=6d06bc688eb5a9f9e389b69c388d591a40edc422

commit 6d06bc688eb5a9f9e389b69c388d591a40edc422
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2022-01-09 05:09:22 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2022-01-09 05:36:06 +0000

    libc clnt_com_create: relock rpcsoc_lock earlier when port is obtained from portmapper

    Otherwise on mapper failure we goto error handler which expects
    rpcsoc_lock owned, but we do not.

    PR:     261051
    Reported by:    RyanCai <ryancaicse@gmail.com>
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week

 lib/libc/rpc/rpc_soc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 commit-hook freebsd_committer freebsd_triage 2022-01-15 00:52:17 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=07d32ede469ddc85b7e92921b4a9f1eeb4dbd66f

commit 07d32ede469ddc85b7e92921b4a9f1eeb4dbd66f
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2022-01-09 05:09:22 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2022-01-15 00:51:13 +0000

    libc clnt_com_create: relock rpcsoc_lock earlier when port is obtained from portmapper

    PR:     261051

    (cherry picked from commit 6d06bc688eb5a9f9e389b69c388d591a40edc422)

 lib/libc/rpc/rpc_soc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2022-01-15 12:59:21 UTC
A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=ac82aa1bf742def55998d27e98496b46c18cfcd5

commit ac82aa1bf742def55998d27e98496b46c18cfcd5
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2022-01-09 05:09:22 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2022-01-15 12:57:40 +0000

    libc clnt_com_create: relock rpcsoc_lock earlier when port is obtained from portmapper

    PR:     261051

    (cherry picked from commit 6d06bc688eb5a9f9e389b69c388d591a40edc422)

 lib/libc/rpc/rpc_soc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)