Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2f065ddb authored by Trond Myklebust's avatar Trond Myklebust
Browse files

pNFS: Layoutreturn must free the layout after the layout-private data 



The layout-private data may depend on the layout and/or the inode
still existing when it does post-processing and frees its data, so we
need to free them after calling lrp->ld_private.ops->free().

This fixes a mirror list corruption issue in the flexfiles driver.

Signed-off-by: default avatarTrond Myklebust <trond.myklebust@primarydata.com>
parent cb067935

fs/nfs/nfs4proc.c

+2 −2
Original line number Diff line number Diff line
@@ -8641,10 +8641,10 @@ static void nfs4_layoutreturn_release(void *calldata) 
	pnfs_layoutreturn_free_lsegs(lo, &lrp->args.stateid, &lrp->args.range,

			lrp->res.lrs_present ? &lrp->res.stateid : NULL);

	nfs4_sequence_free_slot(&lrp->res.seq_res);

	pnfs_put_layout_hdr(lrp->args.layout);

	nfs_iput_and_deactive(lrp->inode);

	if (lrp->ld_private.ops && lrp->ld_private.ops->free)

		lrp->ld_private.ops->free(&lrp->ld_private);

	pnfs_put_layout_hdr(lrp->args.layout);

	nfs_iput_and_deactive(lrp->inode);

	kfree(calldata);

	dprintk("<-- %s\n", __func__);

}