nfsd: unlock on error in manage_cpntf_state()

We are holding the "nn->s2s_cp_lock" so we can't return directly
without unlocking first.

Fixes: f3dee17721a0 ("NFSD check stateids against copy stateids")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 296765e693d00e7fe37761c5fc810b51a12dbe9c..390ad454a229cc4ab721ca0c5c5f8d383f4e3ba2 100644 (file)
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -5695,13 +5695,16 @@ __be32 manage_cpntf_state(struct nfsd_net *nn, stateid_t *st,
        if (cps_t) {
                state = container_of(cps_t, struct nfs4_cpntf_state,
                                     cp_stateid);
-               if (state->cp_stateid.sc_type != NFS4_COPYNOTIFY_STID)
-                       return nfserr_bad_stateid;
+               if (state->cp_stateid.sc_type != NFS4_COPYNOTIFY_STID) {
+                       state = NULL;
+                       goto unlock;
+               }
                if (!clp)
                        refcount_inc(&state->cp_stateid.sc_count);
                else
                        _free_cpntf_state_locked(nn, state);
        }
+unlock:
        spin_unlock(&nn->s2s_cp_lock);
        if (!state)
                return nfserr_bad_stateid;