NFS: Fix nfs_migrate_page()

commit 190f38e5cedc910940b1da9015f00458c18f97b4 upstream. The call to migrate_page() will cause the page->private field to be cleared. Also fix up the locking around the page->private transfer, so that we ensure that calls to nfs_page_find_request() don't end up racing. Finally, fix up a double free bug: nfs_unlock_request() already calls nfs_release_request() for us... Reported-by: Wu Fengguang <fengguang.wu@intel.com> Tested-by: Andi Kleen <andi@firstfloor.org> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Trond Myklebust <Trond.Myklebust@netapp.com> 2009-12-10 09:05:55 -0500
committer: Greg Kroah-Hartman <gregkh@suse.de> 2009-12-18 14:04:09 -0800
commit: e4f676cea796e170fcd8561c8e2a234724d05f35 (patch)
tree: d8e9eb42cf89b6cbedcf1ed9997e233a63d10f17 /fs
parent: b9058d460800ee672e90d09f7419117baa64f045 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index 53eb26c16b50..6fc37762c495 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -1612,15 +1612,16 @@ int nfs_migrate_page(struct address_space *mapping, struct page *newpage,
 	if (ret)
 		goto out_unlock;
 	page_cache_get(newpage);
+	spin_lock(&mapping->host->i_lock);
 	req->wb_page = newpage;
 	SetPagePrivate(newpage);
-	set_page_private(newpage, page_private(page));
+	set_page_private(newpage, (unsigned long)req);
 	ClearPagePrivate(page);
 	set_page_private(page, 0);
+	spin_unlock(&mapping->host->i_lock);
 	page_cache_release(page);
 out_unlock:
 	nfs_clear_page_tag_locked(req);
-	nfs_release_request(req);
 out:
 	return ret;
 }
author	Trond Myklebust <Trond.Myklebust@netapp.com>	2009-12-10 09:05:55 -0500
committer	Greg Kroah-Hartman <gregkh@suse.de>	2009-12-18 14:04:09 -0800
commit	e4f676cea796e170fcd8561c8e2a234724d05f35 (patch)
tree	d8e9eb42cf89b6cbedcf1ed9997e233a63d10f17 /fs
parent	b9058d460800ee672e90d09f7419117baa64f045 (diff)