Sophie

kernel-2.6.18-194.11.1.el5.src.rpm

From: David Teigland <teigland@redhat.com>
Date: Thu, 5 Jun 2008 14:10:43 -0500
Subject: [dlm] fix possible use-after-free
Message-id: 20080605191043.GL18635@redhat.com
O-Subject: [RHEL5.3 PATCH 12/18] dlm: fix possible use-after-free
Bugzilla: 450132
RH-Acked-by: Bob Peterson <rpeterso@redhat.com>

bz 450132  dlm: fixes for recovery of user lockspace

Fix bugs when userland apps using the dlm join/leave the lockspace,
causing recovery.

brew build including this patch
http://brewweb.devel.redhat.com/brew/taskinfo?taskID=1344633

upstream commit:

>From ce5246b972f7514af899a63c0faf831d05ed5ee1 Mon Sep 17 00:00:00 2001
>From: David Teigland <teigland@redhat.com>
>Date: Mon, 14 Jan 2008 15:48:58 -0600
>Subject: [PATCH] dlm: fix possible use-after-free

The dlm_put_lkb() can free the lkb and its associated ua structure,
so we can't depend on using the ua struct after the put.

Signed-off-by: David Teigland <teigland@redhat.com>

diff --git a/fs/dlm/user.c b/fs/dlm/user.c
index c19eac7..4390df2 100644
--- a/fs/dlm/user.c
+++ b/fs/dlm/user.c
@@ -241,12 +241,12 @@ void dlm_user_add_ast(struct dlm_lkb *lkb, int type)
 	spin_unlock(&proc->asts_spin);
 
 	if (eol) {
-		spin_lock(&ua->proc->locks_spin);
+		spin_lock(&proc->locks_spin);
 		if (!list_empty(&lkb->lkb_ownqueue)) {
 			list_del_init(&lkb->lkb_ownqueue);
 			dlm_put_lkb(lkb);
 		}
-		spin_unlock(&ua->proc->locks_spin);
+		spin_unlock(&proc->locks_spin);
 	}
  out:
 	mutex_unlock(&ls->ls_clear_proc_locks);
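
Review bot: The `if (eol)` block now depends on an ordering rule that nothing in the code records: `dlm_put_lkb(lkb)` may free both the lkb and its ua, so the `spin_unlock()` that follows it must not go through `ua`. Please add a short comment above `spin_lock(&proc->locks_spin);` saying that `ua` and `lkb` must not be touched after the put, otherwise a later cleanup could plausibly switch it back to `ua->proc`. The hunk also does not show what keeps `proc` itself valid across the put. If that is the `ls->ls_clear_proc_locks` mutex released at `out:`, state so in the same comment so the lifetime assumption is visible next to the code that relies on it.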