NFSD: Fix a null reference case in find_or_create_lock_stateid()

nfsd assigns the nfs4_free_lock_stateid to .sc_free in init_lock_stateid(). If nfsd doesn't go through init_lock_stateid() and put stateid at end, there is a NULL reference to .sc_free when calling nfs4_put_stid(ns). This patch let the nfs4_stid.sc_free assignment to nfs4_alloc_stid(). Cc: stable@vger.kernel.org Fixes: 356a95ece7aa "nfsd: clean up races in lock stateid searching..." Signed-off-by: Kinglong Mee <kinglongmee@gmail.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
author: Kinglong Mee <kinglongmee@gmail.com> 2017-01-18 14:04:42 +0300
committer: J. Bruce Fields <bfields@redhat.com> 2017-01-31 20:29:24 +0300
commit: d19fb70dd68c4e960e2ac09b0b9c79dfdeefa726 (patch)
tree: 8ce91162810ddf366f475ca22861c705aea115fa /fs/nfsd/nfs4layouts.c
parent: 566cf877a1fcb6d6dc0126b076aad062054c2637 (diff)
download: linux-d19fb70dd68c4e960e2ac09b0b9c79dfdeefa726.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/fs/nfsd/nfs4layouts.c b/fs/nfsd/nfs4layouts.c
index 596205d939a1..1fc07a9c70e9 100644
--- a/fs/nfsd/nfs4layouts.c
+++ b/fs/nfsd/nfs4layouts.c
@@ -223,10 +223,11 @@ nfsd4_alloc_layout_stateid(struct nfsd4_compound_state *cstate,
 	struct nfs4_layout_stateid *ls;
 	struct nfs4_stid *stp;
 
-	stp = nfs4_alloc_stid(cstate->clp, nfs4_layout_stateid_cache);
+	stp = nfs4_alloc_stid(cstate->clp, nfs4_layout_stateid_cache,
+					nfsd4_free_layout_stateid);
 	if (!stp)
 		return NULL;
-	stp->sc_free = nfsd4_free_layout_stateid;
+
 	get_nfs4_file(fp);
 	stp->sc_file = fp;
author	Kinglong Mee <kinglongmee@gmail.com>	2017-01-18 14:04:42 +0300
committer	J. Bruce Fields <bfields@redhat.com>	2017-01-31 20:29:24 +0300
commit	d19fb70dd68c4e960e2ac09b0b9c79dfdeefa726 (patch)
tree	8ce91162810ddf366f475ca22861c705aea115fa /fs/nfsd/nfs4layouts.c
parent	566cf877a1fcb6d6dc0126b076aad062054c2637 (diff)
download	linux-d19fb70dd68c4e960e2ac09b0b9c79dfdeefa726.tar.xz