NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
author Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Wed, 28 Aug 2019 08:01:22 +0000 (17:01 +0900)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 24 Apr 2020 05:59:11 +0000 (07:59 +0200)
[ Upstream commit 8605cf0e852af3b2c771c18417499dc4ceed03d5 ]

When dreq is allocated by nfs_direct_req_alloc(), dreq->kref is
initialized to 2. Therefore we need to call nfs_direct_req_release()
twice to release the allocated dreq. Usually it is called in
nfs_file_direct_{read, write}() and nfs_direct_complete().

However, the current code only calls nfs_direct_req_release() once if
nfs_get_lock_context() fails in nfs_file_direct_{read, write}().
So, that case would result in a memory leak.

Fix this by adding the missing call.

Signed-off-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
fs/nfs/direct.c

index 53f0012ace42ffd160664e2e163739104a84a063..de135d2591ffbc24e03edaaf607077bc6ee0ed22 100644 (file)
@@ -595,6 +595,7 @@ ssize_t nfs_file_direct_read(struct kiocb *iocb, struct iov_iter *iter)
        l_ctx = nfs_get_lock_context(dreq->ctx);
        if (IS_ERR(l_ctx)) {
                result = PTR_ERR(l_ctx);
+               nfs_direct_req_release(dreq);
                goto out_release;
        }
        dreq->l_ctx = l_ctx;
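
Review bot: the added nfs_direct_req_release(dreq) directly before goto out_release reads like a double release unless the reader already knows that dreq->kref starts at 2, which only the commit message explains. A one-line comment above the call, saying that it drops the reference normally released by nfs_direct_complete(), would keep a later cleanup from removing it and reintroducing the leak, or from flagging this branch as a use-after-free.
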
@@ -1019,6 +1020,7 @@ ssize_t nfs_file_direct_write(struct kiocb *iocb, struct iov_iter *iter)
        l_ctx = nfs_get_lock_context(dreq->ctx);
        if (IS_ERR(l_ctx)) {
                result = PTR_ERR(l_ctx);
+               nfs_direct_req_release(dreq);
                goto out_release;
        }
        dreq->l_ctx = l_ctx;
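
Review bot: this IS_ERR(l_ctx) branch in nfs_file_direct_write() is now a line-for-line copy of the one in nfs_file_direct_read(), each carrying an extra release ahead of goto out_release. Consider folding the extra release into a shared helper or a dedicated error label so the two paths cannot drift apart, and state in the changelog whether a failing nfs_get_lock_context() is the only early exit that leaves the second reference held.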