2019-12-04 08:00:36

by Dan Carpenter

Subject: [PATCH] nfsd: unlock on error in manage_cpntf_state()

We are holding the "nn->s2s_cp_lock" so we can't return directly
without unlocking first.

Fixes: f3dee17721a0 ("NFSD check stateids against copy stateids")
Signed-off-by: Dan Carpenter <[email protected]>
---
fs/nfsd/nfs4state.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 296765e693d0..390ad454a229 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -5695,13 +5695,16 @@ __be32 manage_cpntf_state(struct nfsd_net *nn, stateid_t *st,
if (cps_t) {
state = container_of(cps_t, struct nfs4_cpntf_state,
cp_stateid);
- if (state->cp_stateid.sc_type != NFS4_COPYNOTIFY_STID)
- return nfserr_bad_stateid;
+ if (state->cp_stateid.sc_type != NFS4_COPYNOTIFY_STID) {
+ state = NULL;
+ goto unlock;
+ }
if (!clp)
refcount_inc(&state->cp_stateid.sc_count);
else
_free_cpntf_state_locked(nn, state);
}
+unlock:
spin_unlock(&nn->s2s_cp_lock);
if (!state)
return nfserr_bad_stateid;
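Review bot: The fix is sound, and the error path now behaves as before apart from releasing the lock: setting `state = NULL` before `goto unlock` makes the existing `if (!state) return nfserr_bad_stateid;` after `spin_unlock(&nn->s2s_cp_lock)` yield the same status the removed `return nfserr_bad_stateid;` did, while closing a lock leak that would otherwise leave `nn->s2s_cp_lock` held and deadlock the next caller. One readability point: the coupling between `state = NULL` and the post-unlock `!state` check is implicit; a one-line comment at the assignment (e.g. `/* reported as nfserr_bad_stateid after unlock */`) would make the intent clear to the next reader. It is also worth confirming that no other early return between the `spin_lock` and this hunk (not visible in this context) has the same problem.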
--
2.11.0


2019-12-05 17:19:48

by J. Bruce Fields

Subject: Re: [PATCH] nfsd: unlock on error in manage_cpntf_state()

On Wed, Dec 04, 2019 at 10:59:36AM +0300, Dan Carpenter wrote:
> We are holding the "nn->s2s_cp_lock" so we can't return directly
> without unlocking first.

Thanks, applying.

--b.

>
> Fixes: f3dee17721a0 ("NFSD check stateids against copy stateids")
> Signed-off-by: Dan Carpenter <[email protected]>
> ---
> fs/nfsd/nfs4state.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
> index 296765e693d0..390ad454a229 100644
> --- a/fs/nfsd/nfs4state.c
> +++ b/fs/nfsd/nfs4state.c
> @@ -5695,13 +5695,16 @@ __be32 manage_cpntf_state(struct nfsd_net *nn, stateid_t *st,
> if (cps_t) {
> state = container_of(cps_t, struct nfs4_cpntf_state,
> cp_stateid);
> - if (state->cp_stateid.sc_type != NFS4_COPYNOTIFY_STID)
> - return nfserr_bad_stateid;
> + if (state->cp_stateid.sc_type != NFS4_COPYNOTIFY_STID) {
> + state = NULL;
> + goto unlock;
> + }
> if (!clp)
> refcount_inc(&state->cp_stateid.sc_count);
> else
> _free_cpntf_state_locked(nn, state);
> }
> +unlock:
> spin_unlock(&nn->s2s_cp_lock);
> if (!state)
> return nfserr_bad_stateid;
> --
> 2.11.0