nfsd: unlock on error in manage_cpntf_state()

We are holding the "nn->s2s_cp_lock" so we can't return directly without unlocking first. Fixes: f3dee17721a0 ("NFSD check stateids against copy stateids") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>

nfsd: unlock on error in manage_cpntf_state()
We are holding the "nn->s2s_cp_lock" so we can't return directly without unlocking first. Fixes: f3dee17721a0 ("NFSD check stateids against copy stateids") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
5277a79e · Dan Carpenter · J. Bruce Fields · ce0887ac · 5277a79e
Commit 5277a79e authored Dec 04, 2019 by Dan Carpenter Committed by J. Bruce Fields Dec 09, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

fs/nfsd/nfs4state.c fs/nfsd/nfs4state.c +5 -2

No files found.
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -5695,13 +5695,16 @@ __be32 manage_cpntf_state(struct nfsd_net *nn, stateid_t *st,
 	if (cps_t) {
 		state = container_of(cps_t, struct nfs4_cpntf_state,
 				     cp_stateid);
-		if (state->cp_stateid.sc_type != NFS4_COPYNOTIFY_STID)
-			return nfserr_bad_stateid;
+		if (state->cp_stateid.sc_type != NFS4_COPYNOTIFY_STID) {
+			state = NULL;
+			goto unlock;
+		}
 		if (!clp)
 			refcount_inc(&state->cp_stateid.sc_count);
 		else
 			_free_cpntf_state_locked(nn, state);
 	}
+unlock:
 	spin_unlock(&nn->s2s_cp_lock);
 	if (!state)
 		return nfserr_bad_stateid;