nfs4.1: prevent race that allowed use of freed layout in _pnfs_return_layout

mark_matching_lsegs_invalid could put the last ref to the layout, so
the get_layout_hdr needs to be called first.

Signed-off-by: Fred Isaman <iisaman@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This commit is contained in:
Fred Isaman 2011-06-15 12:31:02 -04:00 committed by Trond Myklebust
parent 1ed3a8539a
commit ea0ded748b

View File

@ -640,10 +640,10 @@ _pnfs_return_layout(struct inode *ino)
return status;
}
stateid = nfsi->layout->plh_stateid;
mark_matching_lsegs_invalid(lo, &tmp_list, NULL);
lo->plh_block_lgets++;
/* Reference matched in nfs4_layoutreturn_release */
get_layout_hdr(lo);
mark_matching_lsegs_invalid(lo, &tmp_list, NULL);
lo->plh_block_lgets++;
spin_unlock(&ino->i_lock);
pnfs_free_lseg_list(&tmp_list);