Re: [PATCH] nfsd: avoid leaking pre-allocated openowner on unconfirmed retry race

From: Chuck Lever

Date: Fri May 22 2026 - 11:05:25 EST


On Fri, 22 May 2026 10:36:14 -0400, Jeff Layton wrote:
> When find_or_alloc_open_stateowner() encounters an unconfirmed owner, it
> calls release_openowner() and sets oo = NULL. Control then falls through
> past the `if (oo)` guard — which would have freed any pre-allocated
> `new` — and unconditionally executes `new = alloc_stateowner(...)`. If
> `new` was already allocated on a prior iteration, the pointer is
> silently overwritten and the previous allocation (slab object + owner
> name buffer) is leaked.
>
> [...]

Applied to nfsd-testing, thanks!

[1/1] nfsd: avoid leaking pre-allocated openowner on unconfirmed retry race
commit: f36ecdd78c6271239579ad7fb3d0a51697160877

--
Chuck Lever <chuck.lever@xxxxxxxxxx>
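
The retry race described in the quoted commit message, reduced to a user-space C model. This is an added example, not the nfsd code and not the applied patch. All names are hypothetical, and the `fixed` branch (reuse an existing pre-allocation instead of allocating again) is an assumed remedy, since the patch body is not shown in this message.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model; every name here is hypothetical, not nfsd's. */
struct owner { bool confirmed; };
static int live;             /* allocations not yet freed */
static struct owner *table;  /* one-slot stand-in for the owner hash */
static int racer_budget;     /* times a concurrent OPEN wins the race */

static struct owner *alloc_owner(void)
{
	struct owner *o = calloc(1, sizeof(*o));
	if (!o) abort();
	live++;
	return o;
}
static void free_owner(struct owner *o) { live--; free(o); }

/* Models another thread hashing an unconfirmed owner while no lock is held. */
static void concurrent_open(void)
{
	if (racer_budget > 0 && !table) { racer_budget--; table = alloc_owner(); }
}

static struct owner *find_or_alloc(bool fixed)
{
	struct owner *oo, *new_oo = NULL;   /* new_oo plays the role of `new` */
	for (;;) {
		oo = table;
		if (!oo && new_oo) { table = new_oo; return new_oo; }
		/* Unconfirmed owner: release it and fall through with oo == NULL. */
		if (oo && !oo->confirmed) { table = NULL; free_owner(oo); oo = NULL; }
		if (oo) { if (new_oo) free_owner(new_oo); return oo; }
		if (!(fixed && new_oo))     /* buggy form overwrites a live new_oo */
			new_oo = alloc_owner();
		concurrent_open();          /* race window before the retry */
	}
}

/* Allocations still outstanding after one racy lookup plus teardown. */
static int leaked_after_race(bool fixed)
{
	live = 0; table = NULL; racer_budget = 1;
	struct owner *o = find_or_alloc(fixed);
	table = NULL; free_owner(o);
	return live;
}

int main(void) { printf("buggy=%d\n", leaked_after_race(false)); return 0; }
```

In the unguarded form the second pass through the loop allocates again after releasing the unconfirmed owner, so the first pre-allocation is never freed; the guarded form hashes the original pre-allocation on the third pass.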