Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 415b96c5 authored by Jeff Layton's avatar Jeff Layton
Browse files

nfsd: fix potential lease memory leak in nfs4_setlease 



It's unlikely to ever occur, but if there were already a lease set on
the file then we could end up getting back a different pointer on a
successful setlease attempt than the one we allocated. If that happens,
the one we allocated could leak.

In practice, I don't think this will happen due to the fact that we only
try to set up the lease once per nfs4_file, but this error handling is a
bit more correct given the current lease API.

Cc: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: default avatarJeff Layton <jlayton@primarydata.com>
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
parent bfe86024

fs/nfsd/nfs4state.c

+5 −2
Original line number Diff line number Diff line
@@ -3781,7 +3781,7 @@ static struct file_lock *nfs4_alloc_init_lease(struct nfs4_file *fp, int flag) 
static int nfs4_setlease(struct nfs4_delegation *dp)

{

	struct nfs4_file *fp = dp->dl_stid.sc_file;

	struct file_lock *fl;

	struct file_lock *fl, *ret;

	struct file *filp;

	int status = 0;
@@ -3795,11 +3795,14 @@ static int nfs4_setlease(struct nfs4_delegation *dp) 
		return -EBADF;

	}

	fl->fl_file = filp;

	status = vfs_setlease(filp, fl->fl_type, &fl);

	ret = fl;

	status = vfs_setlease(filp, fl->fl_type, &ret);

	if (status) {

		locks_free_lock(fl);

		goto out_fput;

	}

	if (ret != fl)

		locks_free_lock(fl);

	spin_lock(&state_lock);

	spin_lock(&fp->fi_lock);

	/* Did the lease get broken before we took the lock? */