diff options
author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2012-03-19 16:17:18 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2012-03-20 13:08:25 -0400 |
commit | 5ae67c4fee869c9b3c87b727a9ea511b6326b834 (patch) | |
tree | 68fe22b71462c6e13eff3a6d637b79371c77441e /fs/nfs/nfs4proc.c | |
parent | c4f1b62a4b50a01e8d820717906b674807ef9ca3 (diff) | |
download | lwn-5ae67c4fee869c9b3c87b727a9ea511b6326b834.tar.gz lwn-5ae67c4fee869c9b3c87b727a9ea511b6326b834.zip |
NFSv4: It is not safe to dereference lsp->ls_state in release_lockowner
It is quite possible for the release_lockowner RPC call to race with the
close RPC call, in which case, we cannot dereference lsp->ls_state in
order to find the nfs_server.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'fs/nfs/nfs4proc.c')
-rw-r--r-- | fs/nfs/nfs4proc.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 5e0961acfef4..d41d97fb4cb9 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -4760,13 +4760,14 @@ out: struct nfs_release_lockowner_data { struct nfs4_lock_state *lsp; + struct nfs_server *server; struct nfs_release_lockowner_args args; }; static void nfs4_release_lockowner_release(void *calldata) { struct nfs_release_lockowner_data *data = calldata; - nfs4_free_lock_state(data->lsp); + nfs4_free_lock_state(data->server, data->lsp); kfree(calldata); } @@ -4788,6 +4789,7 @@ int nfs4_release_lockowner(struct nfs4_lock_state *lsp) if (!data) return -ENOMEM; data->lsp = lsp; + data->server = server; data->args.lock_owner.clientid = server->nfs_client->cl_clientid; data->args.lock_owner.id = lsp->ls_seqid.owner_id; data->args.lock_owner.s_dev = server->s_dev; |