From: Christos Zoulas Date: Wed, 9 Dec 2009 16:17:38 +0000 (-0500) Subject: Free continuation in amfs_retry() if we don't call amfs_bgmount() X-Git-Tag: am-utils-6_2_rc1~16 X-Git-Url: https://git.fsl.cs.stonybrook.edu/?a=commitdiff_plain;h=22276f09fb00923f9d92d681d4f959e09ccc629e;p=am-utils-6.2.git Free continuation in amfs_retry() if we don't call amfs_bgmount() Normally it's amfs_bgmount() which frees the continuation. However, if the mount is already in progress and we're in amfs_retry() for another node we don't try mounting the filesystem once again. Still, we have to free the continuation as we won't get called again and thus would leak the continuation structure and our am_loc references. From: Krisztian Kovacs --- diff --git a/ChangeLog b/ChangeLog index 0f6ab8ad..29808612 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,13 @@ 2009-12-09 Christos Zoulas + * Free continuation in amfs_retry() if we don't call amfs_bgmount() + Normally it's amfs_bgmount() which frees the continuation. However, if + the mount is already in progress and we're in amfs_retry() for another + node we don't try mounting the filesystem once again. Still, we have + to free the continuation as we won't get called again and thus would + leak the continuation structure and our am_loc references. + From: Krisztian Kovacs + * Fix use-after-free and double free of mntfs private data ops_nfs.c(nfs_init) does not clear private data pointer after free(). This leads to use-after-free and double free in case mount() fails. diff --git a/amd/amfs_generic.c b/amd/amfs_generic.c index e3560b59..3c604b04 100644 --- a/amd/amfs_generic.c +++ b/amd/amfs_generic.c 
@@ -615,6 +615,14 @@ amfs_retry(int rc, int term, opaque_t arg) } if (error || !IN_PROGRESS(cp)) error = amfs_bgmount(cp); + else + /* Normally it's amfs_bgmount() which frees the continuation. However, if + * the mount is already in progress and we're in amfs_retry() for another + * node we don't try mounting the filesystem once again. Still, we have + * to free the continuation as we won't get called again and thus would + * leak the continuation structure and our am_loc references. + */ + free_continuation(cp); reschedule_timeout_mp(); }
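Review bot: the new ChangeLog entry does not name the file or function it touches, unlike the neighbouring entry that starts "ops_nfs.c(nfs_init) does not clear private data pointer"; prefix it with "amfs_generic.c(amfs_retry):" so the entry can be matched to the code without opening the diff. Since the full reasoning is now also in the source comment, the ChangeLog body could be cut down to the one-line summary plus the attribution line.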
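Review bot: in the amfs_retry() hunk the else branch is a seven-line block comment followed by a single `free_continuation(cp);`, which is easy to misread as a stray comment with the call falling outside the conditional; wrap the else body in braces, or move the comment above the `if (error || !IN_PROGRESS(cp))` line, so the pairing is unmistakable. The comment should also state that free_continuation() is what drops the am_loc references, since that is the leak the change claims to close, and the visible context supports that `cp` is not read again after the new call: only `reschedule_timeout_mp();` follows before the function ends.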