[PATCH] nfsd4: fix release_lockowner
NeilBrown [Fri, 8 Jul 2005 00:59:14 +0000 (17:59 -0700)]
We oops in list_for_each_entry(), because release_stateowner frees something
on the list we're traversing.

Signed-off-by: Andy Adamson <andros@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

fs/nfsd/nfs4state.c

index 9f9db40..e388c90 100644 (file)
@@ -3084,7 +3084,12 @@ nfsd4_release_lockowner(struct svc_rqst *rqstp, struct nfsd4_release_lockowner *
         * of the lockowner state released; so don't release any until all
         * have been checked. */
        status = nfs_ok;
-       list_for_each_entry(sop, &matches, so_perclient) {
+       while (!list_empty(&matches)) {
+               sop = list_entry(matches.next, struct nfs4_stateowner,
+                                                               so_perclient);
+               /* unhash_stateowner deletes so_perclient only
+                * for openowners. */
+               list_del(&sop->so_perclient);
                release_stateowner(sop);
        }
 out: