pNFS: Layoutreturn must free the layout after the layout-private data The layout-private data may depend on the layout and/or the inode still existing when it does post-processing and frees its data, so we need to free them after calling lrp->ld_private.ops->free(). This fixes a mirror list corruption issue in the flexfiles driver. Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>

commit: 2f065ddb64193ebf9cd600395d4782287cd0f58e [log] [tgz]
author: Trond Myklebust <trond.myklebust@primarydata.com> Wed Dec 07 12:29:26 2016 -0500
committer: Trond Myklebust <trond.myklebust@primarydata.com> Wed Dec 07 13:41:59 2016 -0500
tree: 3317f39d8df34fd64a5e8e47b47b14b91e61fe9f
parent: cb067935175ca477380806dc80bf5f0bb51f6f71 [diff] [blame]
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index d3431ff..c5a5086 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c

@@ -8641,10 +8641,10 @@ static void nfs4_layoutreturn_release(void *calldata)
 	pnfs_layoutreturn_free_lsegs(lo, &lrp->args.stateid, &lrp->args.range,
 			lrp->res.lrs_present ? &lrp->res.stateid : NULL);
 	nfs4_sequence_free_slot(&lrp->res.seq_res);
-	pnfs_put_layout_hdr(lrp->args.layout);
-	nfs_iput_and_deactive(lrp->inode);
 	if (lrp->ld_private.ops && lrp->ld_private.ops->free)
 		lrp->ld_private.ops->free(&lrp->ld_private);
+	pnfs_put_layout_hdr(lrp->args.layout);
+	nfs_iput_and_deactive(lrp->inode);
 	kfree(calldata);
 	dprintk("<-- %s\n", __func__);
 }
commit	2f065ddb64193ebf9cd600395d4782287cd0f58e	[log] [tgz]
author	Trond Myklebust <trond.myklebust@primarydata.com>	Wed Dec 07 12:29:26 2016 -0500
committer	Trond Myklebust <trond.myklebust@primarydata.com>	Wed Dec 07 13:41:59 2016 -0500
tree	3317f39d8df34fd64a5e8e47b47b14b91e61fe9f
parent	cb067935175ca477380806dc80bf5f0bb51f6f71 [diff] [blame]