From b29c9945aba485cf8e895cbafdb894f8da2375b7 Mon Sep 17 00:00:00 2001
From: "John L. Hammond" <john.hammond@intel.com>
Date: Tue, 8 Jul 2014 15:26:09 -0500
Subject: [PATCH] LU-5305 ldlm: fix a use after free in ldlm_resource_get()

If lvbo initialization has failed then save the return status (from
lr_lvb_len) before putting the resource.

Signed-off-by: John L. Hammond <john.hammond@intel.com>
Change-Id: I2d36adcf85f24d5347279e7809bc571a56d87f1e
Reviewed-on: http://review.whamcloud.com/11017
Tested-by: Jenkins
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Reviewed-by: Emoly Liu <emoly.liu@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Dmitry Eremin <dmitry.eremin@intel.com>
---
 lustre/ldlm/ldlm_resource.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lustre/ldlm/ldlm_resource.c b/lustre/ldlm/ldlm_resource.c
index ae70626..5f6a645 100644
--- a/lustre/ldlm/ldlm_resource.c
+++ b/lustre/ldlm/ldlm_resource.c
@@ -1077,6 +1077,7 @@ ldlm_resource_get(struct ldlm_namespace *ns, struct ldlm_resource *parent,
 	cfs_hash_bd_t		bd;
 	__u64			version;
 	int			ns_refcount = 0;
+	int			rc;
 
         LASSERT(ns != NULL);
         LASSERT(parent == NULL);
@@ -1128,8 +1129,9 @@ lvbo_init:
 		}
 
 		if (unlikely(res->lr_lvb_len < 0)) {
+			rc = res->lr_lvb_len;
 			ldlm_resource_putref(res);
-			res = ERR_PTR(res->lr_lvb_len);
+			res = ERR_PTR(rc);
 		}
 		return res;
 	}
@@ -1140,8 +1142,6 @@ lvbo_init:
 
         cfs_hash_bd_unlock(ns->ns_rs_hash, &bd, 1);
         if (ns->ns_lvbo && ns->ns_lvbo->lvbo_init) {
-                int rc;
-
                 OBD_FAIL_TIMEOUT(OBD_FAIL_LDLM_CREATE_RESOURCE, 2);
                 rc = ns->ns_lvbo->lvbo_init(res);
 		if (rc < 0) {
-- 
1.8.3.1