NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode
[ Upstream commit b6d49ecd1081740b6e632366428b960461f8158b ] When returning the layout in nfs4_evict_inode(), we need to ensure that the layout is actually done being freed before we can proceed to free the inode itself. Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Trond Myklebust
committed by
Greg Kroah-Hartman
Greg Kroah-Hartman
parent
06ac2ca098
commit
3c0f0f5f58
@@ -67,7 +67,7 @@ static void nfs4_evict_inode(struct inode *inode)
|
||||
nfs_inode_evict_delegation(inode);
|
||||
/* Note that above delegreturn would trigger pnfs return-on-close */
|
||||
pnfs_return_layout(inode);
|
||||
pnfs_destroy_layout(NFS_I(inode));
|
||||
pnfs_destroy_layout_final(NFS_I(inode));
|
||||
/* First call standard NFS clear_inode() code */
|
||||
nfs_clear_inode(inode);
|
||||
nfs4_xattr_cache_zap(inode);
|
||||
|
||||
Reference in New Issue
Block a user