Use atomic_inc_not_zero() to avoid referencing a state that is currently being freed.
Signed-off-by: Weston Andros Adamson <dros@xxxxxxxxxx>
---
 fs/nfs/nfs4proc.c | 8 ++++++--
 fs/nfs/nfs4state.c | 3 ++-
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index a3b78df..005543d 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -1275,7 +1275,8 @@ static struct nfs4_state *nfs4_try_open_cached(struct nfs4_opendata *opendata)
 out:
 return ERR_PTR(ret);
 out_return_state:
- atomic_inc(&state->count);
+ if (!atomic_inc_not_zero(&state->count))
+ return ERR_PTR(-EINVAL);
 return state;
 }

@@ -1429,7 +1430,10 @@ static struct nfs4_opendata *nfs4_open_recoverdata_alloc(struct nfs_open_context
 if (opendata == NULL)
 return ERR_PTR(-ENOMEM);
 opendata->state = state;
- atomic_inc(&state->count);
+ if (!atomic_inc_not_zero(&state->count)) {
+ nfs4_opendata_put(opendata);
+ return ERR_PTR(-EINVAL);
+ }
 return opendata;
 }

diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
index cc14cbb..1c71907 100644
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -1416,7 +1416,8 @@ restart:
 continue;
 if (state->state == 0)
 continue;
- atomic_inc(&state->count);
+ if (!atomic_inc_not_zero(&state->count))
+ continue;
 spin_unlock(&sp->so_lock);
 status = ops->recover_open(sp, state);
 if (status >= 0) {
--
1.7.12.4 (Apple Git-37)
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
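Review bot: In nfs4_try_open_cached the new check sits at the shared `out_return_state:` exit, so it runs after whatever the `goto` sites (outside this hunk) already did with `state`, and nothing visible here holds a lock across the increment. atomic_inc_not_zero() only refuses to resurrect a dying object; it does not make earlier dereferences of `state` safe, so if the count can really be zero here the function was presumably already touching a state that is being freed. I would add a comment at the label stating what keeps `state` valid up to this point, e.g. `/* count may be 0 while the final put is pending; memory pinned by <lock or reference> */`. Callers also need to cope with the new `ERR_PTR(-EINVAL)` return alongside the existing `ERR_PTR(ret)`; the same applies to the second nfs4proc.c hunk. The function body starts outside the hunk.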
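Review bot: In nfs4_open_recoverdata_alloc, `opendata->state = state;` is assigned before the increment, and the new failure branch then calls `nfs4_opendata_put(opendata)`. If the opendata release path drops a reference on a non-NULL `opendata->state` (that code is not in this hunk, so this is inferred), the failure branch puts a reference that was never taken, which would underflow the count on a state already being torn down. Taking the reference first avoids this: move `opendata->state = state;` to after the `if (!atomic_inc_not_zero(&state->count)) { ... }` block so the error path releases an opendata with no state attached. The function starts outside the hunk.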
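Review bot: The `continue` added in the nfs4state.c hunk deserves a comment, because it is not obvious why a state still on the list walked under `sp->so_lock` can have a zero count; something like `/* final put is in progress; skip rather than resurrect the state */` would do. The increment is rightly kept before `spin_unlock(&sp->so_lock)`. The lines above the hunk are not visible, so it is worth confirming that nothing earlier in the iteration (for example a recovery flag cleared before this point) needs to be restored when the state is skipped. The loop begins and ends outside the hunk.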