Commit 5277a79e authored by Dan Carpenter's avatar Dan Carpenter Committed by J. Bruce Fields
Browse files

nfsd: unlock on error in manage_cpntf_state() 



We are holding the "nn->s2s_cp_lock" so we can't return directly
without unlocking first.

Fixes: f3dee17721a0 ("NFSD check stateids against copy stateids")
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent ce0887ac

fs/nfsd/nfs4state.c

+5 −2
Original line number Diff line number Diff line
@@ -5695,13 +5695,16 @@ __be32 manage_cpntf_state(struct nfsd_net *nn, stateid_t *st, 
	if (cps_t) {

		state = container_of(cps_t, struct nfs4_cpntf_state,

				     cp_stateid);

		if (state->cp_stateid.sc_type != NFS4_COPYNOTIFY_STID)

			return nfserr_bad_stateid;

		if (state->cp_stateid.sc_type != NFS4_COPYNOTIFY_STID) {

			state = NULL;

			goto unlock;

		}

		if (!clp)

			refcount_inc(&state->cp_stateid.sc_count);

		else

			_free_cpntf_state_locked(nn, state);

	}

unlock:

	spin_unlock(&nn->s2s_cp_lock);

	if (!state)

		return nfserr_bad_stateid;

CRA Git | Maintained and supported by SUSTech CRA and CCSE