7282 nlm_host leaks by nlm_host_findcreate() callers leads to hang in nlm_svc_stopping()

Reviewed by: Albert Lee <trisk@omniti.com>
Reviewed by: Simon Klinkert <simon.klinkert@gmail.com>
Approved by: Dan McDonald <danmcd@omniti.com>

3 files changed, 30 insertions, 25 deletions

diff --git a/usr/src/uts/common/fs/nfs/nfs4_vnops.c b/usr/src/uts/common/fs/nfs/nfs4_vnops.c
index d6bf384a8b..1c8a3bc235 100644
--- a/usr/src/uts/common/fs/nfs/nfs4_vnops.c
+++ b/usr/src/uts/common/fs/nfs/nfs4_vnops.c
@@ -2239,7 +2239,7 @@ nfs4_open_non_reg_file(vnode_t **vpp, int flag, cred_t *cr)
 /* ARGSUSED */
 static int
 nfs4_close(vnode_t *vp, int flag, int count, offset_t offset, cred_t *cr,
-	caller_context_t *ct)
+    caller_context_t *ct)
 {
 	rnode4_t	*rp;
 	int		 error = 0;
@@ -2302,6 +2302,8 @@ nfs4_close(vnode_t *vp, int flag, int count, offset_t offset, cred_t *cr,
 		} else {
 			cleanlocks(vp, ttoproc(curthread)->p_pid,
 			    (lm_sysidt(lmsid) | LM_SYSID_CLIENT));
+
+			lm_rel_sysid(lmsid);
 		}
 		return (e.error);
 	}
@@ -3616,7 +3618,7 @@ recov_retry:
 /* ARGSUSED */
 static int
 nfs4_ioctl(vnode_t *vp, int cmd, intptr_t arg, int flag, cred_t *cr, int *rvalp,
-	caller_context_t *ct)
+    caller_context_t *ct)
 {
 	if (nfs_zone() != VTOMI4(vp)->mi_zone)
 		return (EIO);
@@ -6511,8 +6513,8 @@ recov_retry:
 /* ARGSUSED */
 static int
 nfs4_create(vnode_t *dvp, char *nm, struct vattr *va, enum vcexcl exclusive,
-	int mode, vnode_t **vpp, cred_t *cr, int flags, caller_context_t *ct,
-	vsecattr_t *vsecp)
+    int mode, vnode_t **vpp, cred_t *cr, int flags, caller_context_t *ct,
+    vsecattr_t *vsecp)
 {
 	int error;
 	vnode_t *vp = NULL;
@@ -8901,7 +8903,7 @@ nfs4_symlink(vnode_t *dvp, char *lnm, struct vattr *tva, char *tnm, cred_t *cr,
 /* ARGSUSED */
 static int
 nfs4_readdir(vnode_t *vp, struct uio *uiop, cred_t *cr, int *eofp,
-	caller_context_t *ct, int flags)
+    caller_context_t *ct, int flags)
 {
 	int error;
 	uint_t count;
@@ -9728,7 +9730,7 @@ nfs4_seek(vnode_t *vp, offset_t ooff, offset_t *noffp, caller_context_t *ct)
 static int
 nfs4_getpage(vnode_t *vp, offset_t off, size_t len, uint_t *protp,
     page_t *pl[], size_t plsz, struct seg *seg, caddr_t addr,
-	enum seg_rw rw, cred_t *cr, caller_context_t *ct)
+    enum seg_rw rw, cred_t *cr, caller_context_t *ct)
 {
 	rnode4_t *rp;
 	int error;
@@ -10199,7 +10201,7 @@ nfs4_readahead(vnode_t *vp, u_offset_t blkoff, caddr_t addr, struct seg *seg,
 /* ARGSUSED */
 static int
 nfs4_putpage(vnode_t *vp, offset_t off, size_t len, int flags, cred_t *cr,
-	caller_context_t *ct)
+    caller_context_t *ct)
 {
 	int error;
 	rnode4_t *rp;
@@ -11321,7 +11323,7 @@ nfs4_have_xattrs(vnode_t *vp, ulong_t *valp, cred_t *cr)
 /* ARGSUSED */
 int
 nfs4_pathconf(vnode_t *vp, int cmd, ulong_t *valp, cred_t *cr,
-	caller_context_t *ct)
+    caller_context_t *ct)
 {
 	int error;
 	hrtime_t t;
@@ -11475,7 +11477,7 @@ nfs4_sync_pageio(vnode_t *vp, page_t *pp, u_offset_t io_off, size_t io_len,
 /* ARGSUSED */
 static int
 nfs4_pageio(vnode_t *vp, page_t *pp, u_offset_t io_off, size_t io_len,
-	int flags, cred_t *cr, caller_context_t *ct)
+    int flags, cred_t *cr, caller_context_t *ct)
 {
 	int error;
 	rnode4_t *rp;
@@ -11506,7 +11508,7 @@ nfs4_pageio(vnode_t *vp, page_t *pp, u_offset_t io_off, size_t io_len,
 /* ARGSUSED */
 static void
 nfs4_dispose(vnode_t *vp, page_t *pp, int fl, int dn, cred_t *cr,
-	caller_context_t *ct)
+    caller_context_t *ct)
 {
 	int error;
 	rnode4_t *rp;
@@ -12259,7 +12261,7 @@ do_nfs4_async_commit(vnode_t *vp, page_t *plist, offset3 offset, count3 count,
 /*ARGSUSED*/
 static int
 nfs4_setsecattr(vnode_t *vp, vsecattr_t *vsecattr, int flag, cred_t *cr,
-	caller_context_t *ct)
+    caller_context_t *ct)
 {
 	int		error = 0;
 	mntinfo4_t	*mi;
@@ -12308,7 +12310,7 @@ nfs4_setsecattr(vnode_t *vp, vsecattr_t *vsecattr, int flag, cred_t *cr,
 /* ARGSUSED */
 int
 nfs4_getsecattr(vnode_t *vp, vsecattr_t *vsecattr, int flag, cred_t *cr,
-	caller_context_t *ct)
+    caller_context_t *ct)
 {
 	int		error;
 	mntinfo4_t	*mi;
diff --git a/usr/src/uts/common/klm/nlm_client.c b/usr/src/uts/common/klm/nlm_client.c
index 8ae6b3682f..57b924c005 100644
--- a/usr/src/uts/common/klm/nlm_client.c
+++ b/usr/src/uts/common/klm/nlm_client.c
@@ -257,8 +257,8 @@ nlm_reclaim_client(struct nlm_globals *g, struct nlm_host *hostp)
 /* ARGSUSED */
 int
 nlm_frlock(struct vnode *vp, int cmd, struct flock64 *flkp,
-	int flags, u_offset_t offset, struct cred *crp,
-	struct netobj *fhp, struct flk_callback *flcb, int vers)
+    int flags, u_offset_t offset, struct cred *crp,
+    struct netobj *fhp, struct flk_callback *flcb, int vers)
 {
 	mntinfo_t *mi;
 	servinfo_t *sv;
@@ -618,13 +618,13 @@ void
 nlm_register_lock_locally(struct vnode *vp, struct nlm_host *hostp,
     struct flock64 *flk, int flags, u_offset_t offset)
 {
+	struct nlm_globals *g = NULL;
 	int sysid = 0;
 
 	if (hostp == NULL) {
 		mntinfo_t *mi;
 		servinfo_t *sv;
 		const char *netid;
-		struct nlm_globals *g;
 
 		mi = VTOMI(vp);
 		sv = mi->mi_curr_serv;
@@ -639,6 +639,9 @@ nlm_register_lock_locally(struct vnode *vp, struct nlm_host *hostp,
 
 	if (hostp != NULL) {
 		sysid = hostp->nh_sysid | LM_SYSID_CLIENT;
+
+		if (g != NULL)
+			nlm_host_release(g, hostp);
 	}
 
 	flk->l_sysid = sysid;
@@ -743,8 +746,8 @@ nlm_local_cancelk(vnode_t *vp, struct flock64 *flp)
  */
 static int
 nlm_call_lock(vnode_t *vp, struct flock64 *flp,
-	struct nlm_host *hostp, struct netobj *fhp,
-	struct flk_callback *flcb, int vers, int xflags)
+    struct nlm_host *hostp, struct netobj *fhp,
+    struct flk_callback *flcb, int vers, int xflags)
 {
 	struct nlm4_lockargs args;
 	struct nlm_owner_handle oh;
@@ -944,7 +947,7 @@ out:
  */
 static int
 nlm_call_cancel(struct nlm4_lockargs *largs,
-	struct nlm_host *hostp, int vers)
+    struct nlm_host *hostp, int vers)
 {
 	nlm4_cancargs cargs;
 	uint32_t xid;
@@ -1182,8 +1185,8 @@ nlm_call_test(struct flock64 *flp, struct nlm_host *hostp,
 
 static void
 nlm_init_lock(struct nlm4_lock *lock,
-	const struct flock64 *fl, struct netobj *fh,
-	struct nlm_owner_handle *oh)
+    const struct flock64 *fl, struct netobj *fh,
+    struct nlm_owner_handle *oh)
 {
 
 	/* Caller converts to zero-base. */
@@ -1205,7 +1208,7 @@ nlm_init_lock(struct nlm4_lock *lock,
 
 int
 nlm_shrlock(struct vnode *vp, int cmd, struct shrlock *shr,
-	int flags, struct netobj *fh, int vers)
+    int flags, struct netobj *fh, int vers)
 {
 	struct shrlock shlk;
 	mntinfo_t *mi;
@@ -1481,7 +1484,7 @@ nlm_call_unshare(struct shrlock *shr, struct nlm_host *host,
 
 static void
 nlm_init_share(struct nlm4_share *args,
-	const struct shrlock *shr, struct netobj *fh)
+    const struct shrlock *shr, struct netobj *fh)
 {
 
 	bzero(args, sizeof (*args));
diff --git a/usr/src/uts/common/klm/nlm_service.c b/usr/src/uts/common/klm/nlm_service.c
index d87e80448d..7742198533 100644
--- a/usr/src/uts/common/klm/nlm_service.c
+++ b/usr/src/uts/common/klm/nlm_service.c
@@ -124,7 +124,7 @@ static int nlm_vop_frlock(vnode_t *, int, flock64_t *, int, offset_t,
  */
 static int
 nlm_init_flock(struct flock64 *fl, struct nlm4_lock *nl,
-	struct nlm_host *host, rpcvers_t vers, short type)
+    struct nlm_host *host, rpcvers_t vers, short type)
 {
 	uint64_t off, len;
 
@@ -795,7 +795,7 @@ nlm_do_cancel(nlm4_cancargs *argp, nlm4_res *resp,
 		error = nlm_host_get_rpc(host, sr->rq_vers, &rpcp);
 		if (error != 0) {
 			resp->stat.stat = nlm4_denied_nolocks;
-			return;
+			goto out;
 		}
 	}
 
@@ -1250,7 +1250,7 @@ out:
  */
 static int
 nlm_vop_frlock(vnode_t *vp, int cmd, flock64_t *bfp, int flag, offset_t offset,
-	struct flk_callback *flk_cbp, cred_t *cr, caller_context_t *ct)
+    struct flk_callback *flk_cbp, cred_t *cr, caller_context_t *ct)
 {
 	if (bfp->l_len != 0 && bfp->l_start + (bfp->l_len - 1) < bfp->l_start) {
 		return (EOVERFLOW);