NFSv4: Fix state reference counting in _nfs4_opendata_reclaim_to_nfs4_state
Trond Myklebust [Mon, 28 Oct 2013 18:57:12 +0000 (14:57 -0400)]
commit d49f042aeec99c5f87160bb52dd52088b1051311 upstream.

Currently, if the call to nfs_refresh_inode fails, then we end up leaking
a reference count, due to the call to nfs4_get_open_state.
While we're at it, replace nfs4_get_open_state with a simple call to
atomic_inc(); there is no need to do a full lookup of the struct nfs_state
since it is passed as an argument in the struct nfs4_opendata, and
is already assigned to the variable 'state'.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

fs/nfs/nfs4proc.c

index d097233..e78b8c2 100644 (file)
@@ -1168,11 +1168,6 @@ _nfs4_opendata_reclaim_to_nfs4_state(struct nfs4_opendata *data)
                goto update;
        }
 
-       ret = -ENOMEM;
-       state = nfs4_get_open_state(inode, data->owner);
-       if (state == NULL)
-               goto err;
-
        ret = nfs_refresh_inode(inode, &data->f_attr);
        if (ret)
                goto err;
@@ -1182,6 +1177,7 @@ _nfs4_opendata_reclaim_to_nfs4_state(struct nfs4_opendata *data)
 update:
        update_open_stateid(state, &data->o_res.stateid, NULL,
                            data->o_arg.fmode);
+       atomic_inc(&state->count);
 
        return state;
 err:
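Review bot: The new `atomic_inc(&state->count);` sits below the `update:` label, so the `goto update` path at the top of the first hunk now takes a reference too, although the removed `nfs4_get_open_state()` call was skipped on that path. The commit message describes only the `nfs_refresh_inode()` failure leak, so it is unclear whether this second change is intended. If it is, a comment above the increment would make the ownership rule explicit, e.g. `/* every successful return hands the caller its own reference on state */`. The function starts before and continues after these hunks, so the callers' matching put and the `err:` path cannot be checked from here. They are worth verifying, because an unbalanced `state->count` ends in either a leaked `nfs4_state` or a premature free.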