tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

nfsd: fix end_creating() conversion

Avoid a double-unlock as nfs_create_locked() will have unlocked the
parent and do the dput() manually.

Christian Brauner <brauner@kernel.org> says:

I've taken Neil's proposed fix from [1] and added a commit message.

Fixes: https://lore.kernel.org/202511252132.2c621407-lkp@intel.com [1]
Fixes: bd6ede8a06e8 ("VFS/nfsd/cachefiles/ovl: introduce start_removing() and end_removing()")
Signed-off-by: Neil Brown <neil@brown.name>
Signed-off-by: Christian Brauner <brauner@kernel.org>

authored by

Neil Brown and committed by
Christian Brauner eeec741e 523ac768

+5 -4
+3
fs/nfsd/nfsproc.c
··· 407 407 /* File doesn't exist. Create it and set attrs */ 408 408 resp->status = nfsd_create_locked(rqstp, dirfhp, &attrs, type, 409 409 rdev, newfhp); 410 + /* nfsd_create_locked() unlocked the parent */ 411 + dput(dchild); 412 + goto out_write; 410 413 } else if (type == S_IFREG) { 411 414 dprintk("nfsd: existing %s, valid=%x, size=%ld\n", 412 415 argp->name, attr->ia_valid, (long) attr->ia_size);
+2 -4
fs/nfsd/vfs.c
··· 1633 1633 return nfserrno(host_err); 1634 1634 1635 1635 err = fh_compose(resfhp, fhp->fh_export, dchild, fhp); 1636 - /* 1637 - * We unconditionally drop our ref to dchild as fh_compose will have 1638 - * already grabbed its own ref for it. 1639 - */ 1640 1636 if (err) 1641 1637 goto out_unlock; 1642 1638 err = fh_fill_pre_attrs(fhp); 1643 1639 if (err != nfs_ok) 1644 1640 goto out_unlock; 1645 1641 err = nfsd_create_locked(rqstp, fhp, attrs, type, rdev, resfhp); 1642 + /* nfsd_create_locked() unlocked the parent */ 1643 + dput(dchild); 1646 1644 return err; 1647 1645 1648 1646 out_unlock: