On Fri, 10 Jul 2015 16:33:31 -0400 Jeff Layton <jlayton@xxxxxxxxxxxxxxx> wrote: > This reverts commit db2efec0caba4f81a22d95a34da640b86c313c8e. > > William reported that he was seeing instability with this patch, which > is likely due to the fact that it can cause the kernel to take a new > reference to a filp after the last reference has already been put. > > Revert this patch for now, as we'll need to fix this in another way. > > Cc: stable@xxxxxxxxxxxxxxx > Reported-by: William Dauchy <william@xxxxxxxxx> > Signed-off-by: Jeff Layton <jeff.layton@xxxxxxxxxxxxxxx> > --- > fs/nfs/nfs4proc.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c > index 6f228b5af819..60be01f69b84 100644 > --- a/fs/nfs/nfs4proc.c > +++ b/fs/nfs/nfs4proc.c > @@ -5484,7 +5484,6 @@ static struct nfs4_unlockdata *nfs4_alloc_unlockdata(struct file_lock *fl, > atomic_inc(&lsp->ls_count); > /* Ensure we don't close file until we're done freeing locks! */ > p->ctx = get_nfs_open_context(ctx); > - get_file(fl->fl_file); > memcpy(&p->fl, fl, sizeof(p->fl)); > p->server = NFS_SERVER(inode); > return p; > @@ -5496,7 +5495,6 @@ static void nfs4_locku_release_calldata(void *data) > nfs_free_seqid(calldata->arg.seqid); > nfs4_put_lock_state(calldata->lsp); > put_nfs_open_context(calldata->ctx); > - fput(calldata->fl.fl_file); > kfree(calldata); > } > Even though the title says "RFC" here, we should probably go ahead and revert this patch in mainline and any stable series kernels in which it got applied. Let me know if I need to do anything further in order to make that happen. Thanks, -- Jeff Layton <jlayton@xxxxxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html