Commit 502aa0a5 authored by Josef Bacik's avatar Josef Bacik Committed by J. Bruce Fields

nfsd: fix dentry refcounting on create

b44061d0 introduced a dentry ref counting bug.  Previously we were
grabbing one ref to dchild in nfsd_create(), but with the creation of
nfsd_create_locked() we have a ref for dchild from the lookup in
nfsd_create(), and then another ref in nfsd_create_locked().  The ref
from the lookup in nfsd_create() is never dropped and results in
dentries still in use at unmount.
Signed-off-by: default avatarJosef Bacik <jbacik@fb.com>
Fixes: b44061d0 "nfsd: reorganize nfsd_create"
Reported-by: default avatarkernel test robot <xiaolong.ye@intel.com>
Reviewed-by: default avatarJeff Layton <jlayton@redhat.com>
Acked-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent 29b4817d
...@@ -1252,10 +1252,13 @@ nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, ...@@ -1252,10 +1252,13 @@ nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp,
if (IS_ERR(dchild)) if (IS_ERR(dchild))
return nfserrno(host_err); return nfserrno(host_err);
err = fh_compose(resfhp, fhp->fh_export, dchild, fhp); err = fh_compose(resfhp, fhp->fh_export, dchild, fhp);
if (err) { /*
* We unconditionally drop our ref to dchild as fh_compose will have
* already grabbed its own ref for it.
*/
dput(dchild); dput(dchild);
if (err)
return err; return err;
}
return nfsd_create_locked(rqstp, fhp, fname, flen, iap, type, return nfsd_create_locked(rqstp, fhp, fname, flen, iap, type,
rdev, resfhp); rdev, resfhp);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment