nfsd: fix file access refcount leak when nfsd4_truncate fails (7e6a72e5) · Commits · e / devices / android_kernel_oneplus_sm8150

fs/nfsd/nfs4state.c

+30 −32

Original line number	Original line	Diff line number	Diff line
	@@ -3046,6 +3046,21 @@ static inline int nfs4_access_to_access(u32 nfs4_access)
	return flags;		return flags;
	}		}

			static inline __be32
			nfsd4_truncate(struct svc_rqst rqstp, struct svc_fh fh,
			struct nfsd4_open *open)
			{
			struct iattr iattr = {
			.ia_valid = ATTR_SIZE,
			.ia_size = 0,
			};
			if (!open->op_truncate)
			return 0;
			if (!(open->op_share_access & NFS4_SHARE_ACCESS_WRITE))
			return nfserr_inval;
			return nfsd_setattr(rqstp, fh, &iattr, 0, (time_t)0);
			}

	static __be32 nfs4_get_vfs_file(struct svc_rqst rqstp, struct nfs4_file fp,		static __be32 nfs4_get_vfs_file(struct svc_rqst rqstp, struct nfs4_file fp,
	struct svc_fh cur_fh, struct nfsd4_open open)		struct svc_fh cur_fh, struct nfsd4_open open)
	{		{
	@@ -3057,53 +3072,39 @@ static __be32 nfs4_get_vfs_file(struct svc_rqst rqstp, struct nfs4_file fp,
	status = nfsd_open(rqstp, cur_fh, S_IFREG, access,		status = nfsd_open(rqstp, cur_fh, S_IFREG, access,
	&fp->fi_fds[oflag]);		&fp->fi_fds[oflag]);
	if (status)		if (status)
	return status;		goto out;
	}		}
	nfs4_file_get_access(fp, oflag);		nfs4_file_get_access(fp, oflag);

			status = nfsd4_truncate(rqstp, cur_fh, open);
			if (status)
			goto out_put_access;

	return nfs_ok;		return nfs_ok;
	}

	static inline __be32		out_put_access:
	nfsd4_truncate(struct svc_rqst rqstp, struct svc_fh fh,		nfs4_file_put_access(fp, oflag);
	struct nfsd4_open *open)		out:
	{		return status;
	struct iattr iattr = {
	.ia_valid = ATTR_SIZE,
	.ia_size = 0,
	};
	if (!open->op_truncate)
	return 0;
	if (!(open->op_share_access & NFS4_SHARE_ACCESS_WRITE))
	return nfserr_inval;
	return nfsd_setattr(rqstp, fh, &iattr, 0, (time_t)0);
	}		}

	static __be32		static __be32
	nfs4_upgrade_open(struct svc_rqst rqstp, struct nfs4_file fp, struct svc_fh cur_fh, struct nfs4_ol_stateid stp, struct nfsd4_open *open)		nfs4_upgrade_open(struct svc_rqst rqstp, struct nfs4_file fp, struct svc_fh cur_fh, struct nfs4_ol_stateid stp, struct nfsd4_open *open)
	{		{
	u32 op_share_access = open->op_share_access;		u32 op_share_access = open->op_share_access;
	bool new_access;
	__be32 status;		__be32 status;

	new_access = !test_access(op_share_access, stp);		if (!test_access(op_share_access, stp))
	if (new_access) {
	status = nfs4_get_vfs_file(rqstp, fp, cur_fh, open);		status = nfs4_get_vfs_file(rqstp, fp, cur_fh, open);
	if (status)		else
	return status;
	}
	status = nfsd4_truncate(rqstp, cur_fh, open);		status = nfsd4_truncate(rqstp, cur_fh, open);
	if (status) {
	if (new_access) {		if (status)
	int oflag = nfs4_access_to_omode(op_share_access);
	nfs4_file_put_access(fp, oflag);
	}
	return status;		return status;
	}
	/* remember the open */		/* remember the open */
	set_access(op_share_access, stp);		set_access(op_share_access, stp);
	set_deny(open->op_share_deny, stp);		set_deny(open->op_share_deny, stp);

	return nfs_ok;		return nfs_ok;
	}		}

	@@ -3352,9 +3353,6 @@ nfsd4_process_open2(struct svc_rqst rqstp, struct svc_fh current_fh, struct nf
	goto out;		goto out;
	} else {		} else {
	status = nfs4_get_vfs_file(rqstp, fp, current_fh, open);		status = nfs4_get_vfs_file(rqstp, fp, current_fh, open);
	if (status)
	goto out;
	status = nfsd4_truncate(rqstp, current_fh, open);
	if (status)		if (status)
	goto out;		goto out;
	stp = open->op_stp;		stp = open->op_stp;