pNFS: Layoutreturn must free the layout after the layout-private data

The layout-private data may depend on the layout and/or the inode
still existing when it does post-processing and frees its data, so we
need to free them after calling lrp->ld_private.ops->free().

This fixes a mirror list corruption issue in the flexfiles driver.

Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index d3431ff326620cca2580d62bc88c756e2b39d29e..c5a5086696555c8039bb3953d8e50078e345c369 100644 (file)
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -8641,10 +8641,10 @@ static void nfs4_layoutreturn_release(void *calldata)
        pnfs_layoutreturn_free_lsegs(lo, &lrp->args.stateid, &lrp->args.range,
                        lrp->res.lrs_present ? &lrp->res.stateid : NULL);
        nfs4_sequence_free_slot(&lrp->res.seq_res);
-       pnfs_put_layout_hdr(lrp->args.layout);
-       nfs_iput_and_deactive(lrp->inode);
        if (lrp->ld_private.ops && lrp->ld_private.ops->free)
                lrp->ld_private.ops->free(&lrp->ld_private);
+       pnfs_put_layout_hdr(lrp->args.layout);
+       nfs_iput_and_deactive(lrp->inode);
        kfree(calldata);
        dprintk("<-- %s\n", __func__);
 }