From: Fred Isaman <iisaman@netapp.com>
Date: Wed, 15 Jun 2011 16:31:02 +0000 (-0400)
Subject: nfs4.1: prevent race that allowed use of freed layout in _pnfs_return_layout
X-Git-Tag: firefly_0821_release~3680^2~5205^2~8
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=ea0ded748bdea78f9e2fefb571f7d6ce9edb4f89;p=firefly-linux-kernel-4.4.55.git

nfs4.1: prevent race that allowed use of freed layout in _pnfs_return_layout

mark_matching_lsegs_invalid could put the last ref to the layout, so
the get_layout_hdr needs to be called first.

Signed-off-by: Fred Isaman <iisaman@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
---

diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
index 8f9582281252..730d4dbbaf68 100644
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -640,10 +640,10 @@ _pnfs_return_layout(struct inode *ino)
 		return status;
 	}
 	stateid = nfsi->layout->plh_stateid;
-	mark_matching_lsegs_invalid(lo, &tmp_list, NULL);
-	lo->plh_block_lgets++;
 	/* Reference matched in nfs4_layoutreturn_release */
 	get_layout_hdr(lo);
+	mark_matching_lsegs_invalid(lo, &tmp_list, NULL);
+	lo->plh_block_lgets++;
 	spin_unlock(&ino->i_lock);
 	pnfs_free_lseg_list(&tmp_list);