Linux NFS development
From: NeilBrown <neil@brown.name>
To: Chuck Lever <chuck.lever@oracle.com>,
	Jeff Layton <jlayton@kernel.org>,
	Mike Snitzer <snitzer@kernel.org>
Cc: Trond Myklebust <trondmy@kernel.org>,
	Anna Schumaker <anna.schumaker@oracle.com>,
	linux-nfs@vger.kernel.org
Subject: [PATCH 1/2] nfsd: avoid ref leak in nfsd_open_local_fh()
Date: Fri, 18 Jul 2025 11:26:14 +1000
Message-ID: <20250718012831.2187613-2-neil@brown.name>
In-Reply-To: <20250718012831.2187613-1-neil@brown.name>

If two calls to nfsd_open_local_fh() race and both successfully call
nfsd_file_acquire_local(), they will both get an extra reference to the
net to accompany the file reference stored in *pnf.

One of them will fail to store (using xchg()) the file reference in
*pnf and will drop that reference but WON'T drop the accompanying
reference to the net.  This leak means that when the nfs server is shut
down it will hang in nfsd_shutdown_net() waiting for
&nn->nfsd_net_free_done.

This patch adds the missing nfsd_net_put().

Reported-by: Mike Snitzer <snitzer@kernel.org>
Fixes: e6f7e1487ab5 ("nfs_localio: simplify interface to nfsd for getting nfsd_file")
Signed-off-by: NeilBrown <neil@brown.name>
---
 fs/nfsd/localio.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/fs/nfsd/localio.c b/fs/nfsd/localio.c
index 80d9ff6608a7..519bbdedcb11 100644
--- a/fs/nfsd/localio.c
+++ b/fs/nfsd/localio.c
@@ -103,10 +103,11 @@ nfsd_open_local_fh(struct net *net, struct auth_domain *dom,
 			if (nfsd_file_get(new) == NULL)
 				goto again;
 			/*
-			 * Drop the ref we were going to install and the
-			 * one we were going to return.
+			 * Drop the ref we were going to install (both file and
+			 * net) and the one we were going to return (only file).
 			 */
 			nfsd_file_put(localio);
+			nfsd_net_put(net);
 			nfsd_file_put(localio);
 			localio = new;
 		}
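Review bot: The `goto again` branch at the top of this hunk leaves the block before the new `nfsd_net_put(net)` runs, so the comment should state whether the retry keeps using `localio` with both its file and net references intact; if any later exit from that retry discards `localio`, it needs the same net put. A smaller point on the added line: it sits between two identical `nfsd_file_put(localio)` calls, and only the comment tells a reader which of them it pairs with. Keeping the first file put and the net put together and separating the second file put with a blank line or its own one-line comment would make the pairing visible in the code, which matters here because the failure mode of a missed put is a hang at shutdown rather than an immediate error.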
-- 
2.49.0


Thread overview: 10+ messages
2025-07-18  1:26 [PATCH 0/2 RFT] nfsd: fix another problem with recent localio changes NeilBrown
2025-07-18  1:26 ` NeilBrown [this message]
2025-07-18  2:37   ` [PATCH 1/2] nfsd: avoid ref leak in nfsd_open_local_fh() Mike Snitzer
2025-07-18  3:00     ` NeilBrown
2025-07-18  1:26 ` [PATCH 2/2] nfsd: discard nfsd_file_get_local() NeilBrown
2025-07-18  2:37   ` Mike Snitzer
2025-07-18 11:52 ` [PATCH 0/2 RFT] nfsd: fix another problem with recent localio changes Jeff Layton
2025-07-18 14:25 ` Chuck Lever
2025-07-18 14:27   ` Mike Snitzer
2025-07-18 14:36     ` Mike Snitzer