On Mon, 2011-02-28 at 16:31 -0500, Jim Rees wrote: > Signed-off-by: Jim Rees <rees@xxxxxxxxx> > --- > fs/nfs/delegation.c | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > > diff --git a/fs/nfs/delegation.c b/fs/nfs/delegation.c > index bbbc6bf..5bc4f7e 100644 > --- a/fs/nfs/delegation.c > +++ b/fs/nfs/delegation.c > @@ -176,9 +176,11 @@ void nfs_inode_reclaim_delegation(struct inode *inode, struct rpc_cred *cred, > > static int nfs_do_return_delegation(struct inode *inode, struct nfs_delegation *delegation, int issync) > { > + struct nfs_inode *nfsi = NFS_I(inode); > int res = 0; > > res = nfs4_proc_delegreturn(inode, delegation->cred, &delegation->stateid, issync); > + rcu_assign_pointer(nfsi->delegation, NULL); > nfs_free_delegation(delegation); > return res; > } Big NACK... nfsi->delegation is released under the appropriate locks well before we get here. The above line is 100% racy and risks clobbering any new delegation that has been issued after the delegreturn completed... Trond -- Trond Myklebust Linux NFS client maintainer NetApp Trond.Myklebust@xxxxxxxxxx www.netapp.com
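Review bot: The added `rcu_assign_pointer(nfsi->delegation, NULL);` in nfs_do_return_delegation() stores to a shared pointer with no lock taken anywhere in the hunk and without checking that nfsi->delegation still refers to the `delegation` argument being returned. It sits after the call to nfs4_proc_delegreturn(), so whatever the inode's delegation pointer holds by the time that call returns is overwritten unconditionally. If a clear is needed at all, it belongs where the pointer is detached, under the lock that protects nfsi->delegation, and should be conditional on the pointer still being equal to `delegation`. The changelog as quoted carries only a Signed-off-by line; it should say which stale-pointer symptom the change is meant to address so the fix can be judged against the actual failure.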