Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753559Ab3CKAll (ORCPT ); Sun, 10 Mar 2013 20:41:41 -0400 Received: from mail-pb0-f43.google.com ([209.85.160.43]:42106 "EHLO mail-pb0-f43.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753467Ab3CKAlj (ORCPT ); Sun, 10 Mar 2013 20:41:39 -0400 From: ycnian@gmail.com To: bfields@fieldses.org Cc: linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [PATCH] nfsd: fix bug on nfs4 stateid deallocation Date: Mon, 11 Mar 2013 08:29:46 +0800 Message-Id: <1362961786-4452-1-git-send-email-ycnian@gmail.com> X-Mailer: git-send-email 1.7.4.4 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1051 Lines: 30 NFS4_OO_PURGE_CLOSE is not handled properly. To avoid memory leak, nfs4 stateid which is pointed by oo_last_closed_stid is freed in nfsd4_close(), but NFS4_OO_PURGE_CLOSE isn't cleared meanwhile. So the stateid released in THIS close procedure may be freed immediately in the coming encoding function. --- fs/nfsd/nfs4state.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 75c873d..7499c91 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -3850,6 +3850,7 @@ nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, nfsd4_close_open_stateid(stp); release_last_closed_stateid(oo); + oo->oo_flags &= ~NFS4_OO_PURGE_CLOSE; oo->oo_last_closed_stid = stp; if (list_empty(&oo->oo_owner.so_stateids)) { -- 1.8.0.1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
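Review bot: The flag clear added in nfsd4_close(), `oo->oo_flags &= ~NFS4_OO_PURGE_CLOSE;`, is tied to this one call site, while the condition the description gives (a stale flag outliving the stateid that oo_last_closed_stid pointed to) arises from the free done by release_last_closed_stateid(oo) on the line above it. If that helper has other callers, they would leave the flag set in the same way, so consider clearing the flag inside the helper, or add a comment here saying why only the close path needs it. The commit message should also name where NFS4_OO_PURGE_CLOSE is set and which encoding function acts on it, since neither is visible in this hunk and the premature-free claim cannot be checked from the diff alone. There is also no Signed-off-by line before the `---` separator.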