On Wed, Mar 07, 2018 at 04:54:50PM -0500, Olga Kornievskaia wrote:
> On Wed, Mar 7, 2018 at 4:43 PM, J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote:
> > On Tue, Feb 20, 2018 at 11:42:25AM -0500, Olga Kornievskaia wrote:
> >> @@ -5143,8 +5144,11 @@ static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid)
> >>  	if (!status && filpp)
> >>  		status = nfs4_check_file(rqstp, fhp, s, filpp, tmp_file, flags);
> >>  out:
> >> -	if (s)
> >> +	if (s) {
> >> +		if (!status && cstid)
> >> +			*cstid = s;
> >>  		nfs4_put_stid(s);
> >
> > Are you sure that's right? Normally you wouldn't drop a reference on
> > something you're returning.
>
> Hm. Should it be taken here then? I do up the reference on the stateid
> later in the code in the nfsd4_copy().

Yeah, you probably want

	if (!status && cstid)
		*cstid = s;
	else
		nfs4_put_stid(s);

instead of doing the increment later in nfsd4_copy() code.

Otherwise, in theory a close or free_stateid or something could race in
and destroy the stateid before you get the chance to increment the
reference again.

--b.
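Review bot: in the `out:` block of the nfsd4_validate_stateid() hunk, `*cstid = s` hands the stateid pointer back to the caller and then `nfs4_put_stid(s)` unconditionally drops the reference that was keeping `s` alive, so the caller holds a pointer without holding a reference until nfsd4_copy() takes one again; a concurrent close or free_stateid in that window can free the object first. Keep the reference when the pointer is returned and drop it only otherwise, e.g. `if (!status && cstid) *cstid = s; else nfs4_put_stid(s);`, and remove the later re-increment in nfsd4_copy() so ownership is transferred exactly once.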