[PATCH] nfsd4: fix release_lockowner
authorNeilBrown <neilb@cse.unsw.edu.au>
Fri, 8 Jul 2005 00:59:14 +0000 (17:59 -0700)
committerLinus Torvalds <torvalds@g5.osdl.org>
Fri, 8 Jul 2005 01:24:08 +0000 (18:24 -0700)
We oops in list_for_each_entry(), because release_stateowner frees something
on the list we're traversing.

Signed-off-by: Andy Adamson <andros@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
fs/nfsd/nfs4state.c

index 9f9db40b5666684be26b19c09d04e23820e21dc1..e388c9070de454ba88c1d8ccaeb8698a8ac61643 100644 (file)
@@ -3084,7 +3084,12 @@ nfsd4_release_lockowner(struct svc_rqst *rqstp, struct nfsd4_release_lockowner *
         * of the lockowner state released; so don't release any until all
         * have been checked. */
        status = nfs_ok;
-       list_for_each_entry(sop, &matches, so_perclient) {
+       while (!list_empty(&matches)) {
+               sop = list_entry(matches.next, struct nfs4_stateowner,
+                                                               so_perclient);
+               /* unhash_stateowner deletes so_perclient only
+                * for openowners. */
+               list_del(&sop->so_perclient);
                release_stateowner(sop);
        }
 out: