| Message ID | 1308152397-16920-1-git-send-email-benny@tonian.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 2011-06-15 11:39, Benny Halevy wrote: > We always get a reference on the layout header and we rely on > nfs4_layoutreturn_release to put it. If we hit an allocation error > before starting the rpc proc we bail out early without dereferncing > the layout header properly. > > Signed-off-by: Benny Halevy <benny@tonian.com> > --- > fs/nfs/nfs4proc.c | 1 + > fs/nfs/pnfs.c | 1 + > 2 files changed, 2 insertions(+), 0 deletions(-) > > diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c > index 79f3c33..a4705bc 100644 > --- a/fs/nfs/nfs4proc.c > +++ b/fs/nfs/nfs4proc.c > @@ -5774,6 +5774,7 @@ static void nfs4_layoutreturn_done(struct rpc_task *task, void *calldata) > struct pnfs_layout_hdr *lo = NFS_I(lrp->args.inode)->layout; > > dprintk("--> %s\n", __func__); > + dprintk("%s: ref %d\n", atonic_read(&lo->plh_refcount)); > > if (!nfs4_sequence_done(task, &lrp->res.seq_res)) > return; please ignore this hunk, got there totally by mistake... Benny > diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c > index 0feeccc..bc3eb74 100644 > --- a/fs/nfs/pnfs.c > +++ b/fs/nfs/pnfs.c > @@ -675,6 +675,7 @@ _pnfs_return_layout(struct inode *ino) > lrp = kzalloc(sizeof(*lrp), GFP_KERNEL); > if (unlikely(lrp == NULL)) { > status = -ENOMEM; > + put_layout_hdr(lo); > goto out; > } > -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index 79f3c33..a4705bc 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -5774,6 +5774,7 @@ static void nfs4_layoutreturn_done(struct rpc_task *task, void *calldata) struct pnfs_layout_hdr *lo = NFS_I(lrp->args.inode)->layout; dprintk("--> %s\n", __func__); + dprintk("%s: ref %d\n", atonic_read(&lo->plh_refcount)); if (!nfs4_sequence_done(task, &lrp->res.seq_res)) return; diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c index 0feeccc..bc3eb74 100644 --- a/fs/nfs/pnfs.c +++ b/fs/nfs/pnfs.c @@ -675,6 +675,7 @@ _pnfs_return_layout(struct inode *ino) lrp = kzalloc(sizeof(*lrp), GFP_KERNEL); if (unlikely(lrp == NULL)) { status = -ENOMEM; + put_layout_hdr(lo); goto out; }
We always get a reference on the layout header and we rely on nfs4_layoutreturn_release to put it. If we hit an allocation error before starting the rpc proc we bail out early without dereferncing the layout header properly. Signed-off-by: Benny Halevy <benny@tonian.com> --- fs/nfs/nfs4proc.c | 1 + fs/nfs/pnfs.c | 1 + 2 files changed, 2 insertions(+), 0 deletions(-)