summaryrefslogtreecommitdiffstats
path: root/fs/nfsd
diff options
context:
space:
mode:
authorAndrew Elble <aweits@rit.edu>2018-04-18 23:04:37 +0200
committerJ. Bruce Fields <bfields@redhat.com>2018-06-08 22:42:29 +0200
commit692ad280bff3e81721ab138b9455948ab5289acf (patch)
treed3949a9ca159e06cc169aa650af07e90561e3172 /fs/nfsd
parentnfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (diff)
downloadlinux-692ad280bff3e81721ab138b9455948ab5289acf.tar.xz
linux-692ad280bff3e81721ab138b9455948ab5289acf.zip
nfsd: fix error handling in nfs4_set_delegation()
I noticed a memory corruption crash in nfsd in 4.17-rc1. This patch corrects the issue. Fix to return error if the delegation couldn't be hashed or there was a recall in progress. Use the existing error path instead of destroy_delegation() for readability. Signed-off-by: Andrew Elble <aweits@rit.edu> Fixes: 353601e7d323c ("nfsd: create a separate lease for each delegation") Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/nfsd')
-rw-r--r--fs/nfsd/nfs4state.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index fc74d6f46bd5..3b40d1b57613 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -4378,8 +4378,11 @@ nfs4_set_delegation(struct nfs4_client *clp, struct svc_fh *fh,
spin_unlock(&state_lock);
if (status)
- destroy_unhashed_deleg(dp);
+ goto out_unlock;
+
return dp;
+out_unlock:
+ vfs_setlease(fp->fi_deleg_file, F_UNLCK, NULL, (void **)&dp);
out_clnt_odstate:
put_clnt_odstate(dp->dl_clnt_odstate);
out_stid: