fs/nfsd/nfs4state.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
Claude pointed out that there is nfs4_file refcount leak in
nfsd_get_dir_deleg(). Ensure that the reference to "fp" is released
before returning.
Cc: Chris Mason <clm@meta.com>
Fixes: 8b99f6a8c116 ("nfsd: wire up GET_DIR_DELEGATION handling")
Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
fs/nfsd/nfs4state.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 808c24fb5c9a0b432d3271c051b409fcb75970cd..90d355af1a21e6cab14fc1178f249c9716aef441 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -9456,8 +9456,10 @@ nfsd_get_dir_deleg(struct nfsd4_compound_state *cstate,
spin_unlock(&clp->cl_lock);
spin_unlock(&state_lock);
- if (!status)
+ if (!status) {
+ put_nfs4_file(fp);
return dp;
+ }
/* Something failed. Drop the lease and clean up the stid */
kernel_setlease(fp->fi_deleg_file->nf_file, F_UNLCK, NULL, (void **)&dp);
@@ -9465,5 +9467,6 @@ nfsd_get_dir_deleg(struct nfsd4_compound_state *cstate,
nfs4_put_stid(&dp->dl_stid);
out_delegees:
put_deleg_file(fp);
+ put_nfs4_file(fp);
return ERR_PTR(status);
}
---
base-commit: 187d0801404f415f22c0b31531982c7ea97fa341
change-id: 20251213-nfsd-6-19-ba98c52c77da
Best regards,
--
Jeff Layton <jlayton@kernel.org>From: Chuck Lever <chuck.lever@oracle.com>
On Sat, 13 Dec 2025 11:53:17 +0900, Jeff Layton wrote:
> Claude pointed out that there is nfs4_file refcount leak in
> nfsd_get_dir_deleg(). Ensure that the reference to "fp" is released
> before returning.
>
>
Applied to nfsd-testing, thanks!
[1/1] nfsd: fix nfs4_file refcount leak in nfsd_get_dir_deleg()
commit: 08efc1ef9f6e574de433c4df4899ca07b251fe57
--
Chuck Lever
© 2016 - 2025 Red Hat, Inc.