From: Trond Myklebust Date: Wed, 7 Dec 2016 17:29:26 +0000 (-0500) Subject: pNFS: Layoutreturn must free the layout after the layout-private data X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2f065ddb64193ebf9cd600395d4782287cd0f58e;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git pNFS: Layoutreturn must free the layout after the layout-private data The layout-private data may depend on the layout and/or the inode still existing when it does post-processing and frees its data, so we need to free them after calling lrp->ld_private.ops->free(). This fixes a mirror list corruption issue in the flexfiles driver. Signed-off-by: Trond Myklebust --- diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index d3431ff32662..c5a508669655 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -8641,10 +8641,10 @@ static void nfs4_layoutreturn_release(void *calldata) pnfs_layoutreturn_free_lsegs(lo, &lrp->args.stateid, &lrp->args.range, lrp->res.lrs_present ? &lrp->res.stateid : NULL); nfs4_sequence_free_slot(&lrp->res.seq_res); - pnfs_put_layout_hdr(lrp->args.layout); - nfs_iput_and_deactive(lrp->inode); if (lrp->ld_private.ops && lrp->ld_private.ops->free) lrp->ld_private.ops->free(&lrp->ld_private); + pnfs_put_layout_hdr(lrp->args.layout); + nfs_iput_and_deactive(lrp->inode); kfree(calldata); dprintk("<-- %s\n", __func__); }