authorJeff Layton <jlayton@primarydata.com>2014-08-22 18:26:36 +0200
committerJeff Layton <jlayton@primarydata.com>2014-10-07 20:06:12 +0200
commit415b96c5a1fe31ed9deb0618e95ecbb1df3de54c (patch)
treebe4fbf6503911abac9a71fc0856c3e7a9b27e221
parentlocks: close potential race in lease_get_mtime (diff)
nfsd: fix potential lease memory leak in nfs4_setlease
It's unlikely to ever occur, but if there were already a lease set on the file then we could end up getting back a different pointer on a successful setlease attempt than the one we allocated. If that happens, the one we allocated could leak. In practice, I don't think this will happen due to the fact that we only try to set up the lease once per nfs4_file, but this error handling is a bit more correct given the current lease API. Cc: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Jeff Layton <jlayton@primarydata.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
-rw-r--r--fs/nfsd/nfs4state.c7
1 files changed, 5 insertions, 2 deletions
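--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -3781,7 +3781,7 @@ static struct file_lock *nfs4_alloc_init_lease(struct nfs4_file *fp, int flag)
 static int nfs4_setlease(struct nfs4_delegation *dp)
 {
 struct nfs4_file *fp = dp->dl_stid.sc_file;
-struct file_lock *fl;
+struct file_lock *fl, *ret;
 struct file *filp;
 int status = 0;
@@ -3795,11 +3795,14 @@ static int nfs4_setlease(struct nfs4_delegation *dp)
 return -EBADF;
 }
 fl->fl_file = filp;
-status = vfs_setlease(filp, fl->fl_type, &fl);
+ret = fl;
+status = vfs_setlease(filp, fl->fl_type, &ret);
 if (status) {
 locks_free_lock(fl);
 goto out_fput;
 }
+if (ret != fl)
+locks_free_lock(fl);
 spin_lock(&state_lock);
 spin_lock(&fp->fi_lock);
 /* Did the lease get broken before we took the lock? */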
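Review bot: After the added `if (ret != fl) locks_free_lock(fl);`, `fl` is a dangling pointer on the path where vfs_setlease() handed back an already-installed lease in `ret`, whereas the removed `&fl` form left `fl` pointing at that existing lease. nfs4_setlease continues past the end of this hunk, so if the remainder stores or dereferences `fl` rather than `ret` (for instance to record the installed lease on the nfs4_file) it becomes a use-after-free on exactly the path this commit handles; those lines are not visible here, so this needs confirming against the rest of the function. A minimal way to keep the previous semantics is `if (ret != fl) { locks_free_lock(fl); fl = ret; }`, or alternatively switch every later use in the function to `ret`. The description argues the path is effectively unreachable because setlease is attempted once per nfs4_file; if that is what makes it safe, a one-line comment at the freeing site saying so would spare the next reader the same analysis.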