From patchwork Thu Sep 4 12:38:30 2014
X-Patchwork-Submitter: Jeff Layton
X-Patchwork-Id: 4845231
From: Jeff Layton
To: linux-fsdevel@vger.kernel.org
Cc: linux-nfs@vger.kernel.org, Christoph Hellwig, "J. Bruce Fields", linux-kernel@vger.kernel.org
Subject: [PATCH v2 04/17] nfsd: fix potential lease memory leak in nfs4_setlease
Date: Thu, 4 Sep 2014 08:38:30 -0400
Message-Id: <1409834323-7171-5-git-send-email-jlayton@primarydata.com>
In-Reply-To: <1409834323-7171-1-git-send-email-jlayton@primarydata.com>
References: <1409834323-7171-1-git-send-email-jlayton@primarydata.com>

It's unlikely to ever occur, but if there were already a lease set on the file then we could end up getting back a different pointer on a successful setlease attempt than the one we allocated. If that happens, the one we allocated could leak.

In practice, I don't think this will happen due to the fact that we only try to set up the lease once per nfs4_file, but this error handling is a bit more correct given the current lease API.

Cc: J. Bruce Fields
Signed-off-by: Jeff Layton
Reviewed-by: Christoph Hellwig
---
 fs/nfsd/nfs4state.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index fd5ff4b17292..29fac18d9102 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c 
@@ -3774,7 +3774,7 @@ static struct file_lock *nfs4_alloc_init_lease(struct nfs4_file *fp, int flag) static int nfs4_setlease(struct nfs4_delegation *dp) { struct nfs4_file *fp = dp->dl_stid.sc_file; - struct file_lock *fl; + struct file_lock *fl, *ret; struct file *filp; int status = 0; @@ -3788,11 +3788,14 @@ static int nfs4_setlease(struct nfs4_delegation *dp) return -EBADF; } fl->fl_file = filp; - status = vfs_setlease(filp, fl->fl_type, &fl); + ret = fl; + status = vfs_setlease(filp, fl->fl_type, &ret); if (status) { locks_free_lock(fl); goto out_fput; } + if (ret != fl) + locks_free_lock(fl); spin_lock(&state_lock); spin_lock(&fp->fi_lock); /* Did the lease get broken before we took the lock? */
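
Review bot: In the first hunk, the new pointer is declared as `ret` directly above `int status`, so it reads like an integer return code rather than a `struct file_lock *`. A name such as `lease` would make it obvious at the `vfs_setlease()` call site that this variable receives the lease pointer handed back by the call.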
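
Review bot: In the second hunk, once `if (ret != fl) locks_free_lock(fl);` has run, `fl` is a dangling pointer, and the diffstat shows no lines changed outside these two hunks, so any statement below the visible context that still reads `fl` would touch freed memory in exactly the case this patch is meant to handle. Consider assigning `fl = ret;` right after the free, or using `ret` for everything after the `vfs_setlease()` call, and add a one-line comment saying when the returned pointer can differ from the one passed in.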