Re: [PATCH] nfsd: release layout stid on setlease failure

Next message: Abdurrahman Hussain: "[PATCH v4] i2c: mux: reg: use device property accessors"
Previous message: Piyush Patle: "Re: [PATCH v8 v8 02/11] dt-bindings: iio: adc: hx711: add VSUP supply property"
In reply to: Chris Mason: "[PATCH] nfsd: release layout stid on setlease failure"
Next in thread: Jeff Layton: "Re: [PATCH] nfsd: release layout stid on setlease failure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Chuck Lever

Date: Mon May 18 2026 - 17:19:28 EST

From: Chuck Lever <chuck.lever@xxxxxxxxxx>

On Mon, 18 May 2026 13:16:36 -0700, Chris Mason wrote:
> nfs4_alloc_stid() publishes the new stid into cl->cl_stateids via
> idr_alloc_cyclic() under cl_lock before returning to
> nfsd4_alloc_layout_stateid(). When nfsd4_layout_setlease() then
> fails, the error path frees the layout stateid directly with
> kmem_cache_free() without ever calling idr_remove(), leaving the
> IDR slot pointing at freed slab memory. Any subsequent IDR walker
> (states_show, client teardown) dereferences the dangling pointer.
>
> [...]

Applied to nfsd-testing, thanks!

[1/1] nfsd: release layout stid on setlease failure
commit: 9e93f8c13374d21254f8dcd0010103da346bc1f3

--
Chuck Lever <chuck.lever@xxxxxxxxxx>