From: Fred Isaman <iisaman@netapp.com>
Date: Wed, 15 Jun 2011 16:31:02 +0000 (-0400)
Subject: nfs4.1: prevent race that allowed use of freed layout in _pnfs_return_layout
X-Git-Tag: v3.0-rc5~51^2~8
X-Git-Url: https://openfabrics.org/gitweb/?a=commitdiff_plain;h=ea0ded748bdea78f9e2fefb571f7d6ce9edb4f89;p=~emulex%2Finfiniband.git

nfs4.1: prevent race that allowed use of freed layout in _pnfs_return_layout

mark_matching_lsegs_invalid could put the last ref to the layout, so
the get_layout_hdr needs to be called first.

Signed-off-by: Fred Isaman <iisaman@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
---

diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
index 8f958228125..730d4dbbaf6 100644
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -640,10 +640,10 @@ _pnfs_return_layout(struct inode *ino)
 		return status;
 	}
 	stateid = nfsi->layout->plh_stateid;
-	mark_matching_lsegs_invalid(lo, &tmp_list, NULL);
-	lo->plh_block_lgets++;
 	/* Reference matched in nfs4_layoutreturn_release */
 	get_layout_hdr(lo);
+	mark_matching_lsegs_invalid(lo, &tmp_list, NULL);
+	lo->plh_block_lgets++;
 	spin_unlock(&ino->i_lock);
 	pnfs_free_lseg_list(&tmp_list);