diff options
| author | Josef Bacik <jbacik@fb.com> | 2016-08-10 14:46:27 -0400 |
|---|---|---|
| committer | J. Bruce Fields <bfields@redhat.com> | 2016-08-11 11:42:08 -0400 |
| commit | 502aa0a5be633e6558574ebcf63b65afdfbfcd7a (patch) | |
| tree | f1998fcb7817d265fc5ac53fb21db03a80e0a6eb /fs | |
| parent | 29b4817d4018df78086157ea3a55c1d9424a7cfc (diff) | |
| download | linux-502aa0a5be633e6558574ebcf63b65afdfbfcd7a.tar.gz | |
nfsd: fix dentry refcounting on create
b44061d0b9 introduced a dentry ref counting bug. Previously we were grabbing one ref to dchild in nfsd_create(), but with the creation of nfsd_create_locked() we have a ref for dchild from the lookup in nfsd_create(), and then another ref in nfsd_create_locked(). The ref from the lookup in nfsd_create() is never dropped and results in dentries still in use at unmount. Signed-off-by: Josef Bacik <jbacik@fb.com> Fixes: b44061d0b9 "nfsd: reorganize nfsd_create" Reported-by: kernel test robot <xiaolong.ye@intel.com> Reviewed-by: Jeff Layton <jlayton@redhat.com> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/nfsd/vfs.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index ba944123167b..ff476e654b8f 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1252,10 +1252,13 @@ nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, if (IS_ERR(dchild)) return nfserrno(host_err); err = fh_compose(resfhp, fhp->fh_export, dchild, fhp); - if (err) { - dput(dchild); + /* + * We unconditionally drop our ref to dchild as fh_compose will have + * already grabbed its own ref for it. + */ + dput(dchild); + if (err) return err; - } return nfsd_create_locked(rqstp, fhp, fname, flen, iap, type, rdev, resfhp); } |