Unverified Commit eeec741e authored by Neil Brown's avatar Neil Brown Committed by Christian Brauner
Browse files

nfsd: fix end_creating() conversion 

Avoid a double-unlock as nfs_create_locked() will have unlocked the
parent and do the dput() manually.

Christian Brauner <brauner@kernel.org> says:

I've taken Neil's proposed fix from [1] and added a commit message.

Fixes: https://lore.kernel.org/202511252132.2c621407-lkp@intel.com

 [1]
Fixes: bd6ede8a ("VFS/nfsd/cachefiles/ovl: introduce start_removing() and end_removing()")
Signed-off-by: default avatarNeil Brown <neil@brown.name>
Signed-off-by: default avatarChristian Brauner <brauner@kernel.org>
parent 523ac768

fs/nfsd/nfsproc.c

+3 −0
Original line number Diff line number Diff line
@@ -407,6 +407,9 @@ nfsd_proc_create(struct svc_rqst *rqstp) 
		/* File doesn't exist. Create it and set attrs */

		resp->status = nfsd_create_locked(rqstp, dirfhp, &attrs, type,

						  rdev, newfhp);

		/* nfsd_create_locked() unlocked the parent */

		dput(dchild);

		goto out_write;

	} else if (type == S_IFREG) {

		dprintk("nfsd:   existing %s, valid=%x, size=%ld\n",

			argp->name, attr->ia_valid, (long) attr->ia_size);

fs/nfsd/vfs.c

+2 −4
Original line number Diff line number Diff line
@@ -1633,16 +1633,14 @@ nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, 
		return nfserrno(host_err);



	err = fh_compose(resfhp, fhp->fh_export, dchild, fhp);

	/*

	 * We unconditionally drop our ref to dchild as fh_compose will have

	 * already grabbed its own ref for it.

	 */

	if (err)

		goto out_unlock;

	err = fh_fill_pre_attrs(fhp);

	if (err != nfs_ok)

		goto out_unlock;

	err = nfsd_create_locked(rqstp, fhp, attrs, type, rdev, resfhp);

	/* nfsd_create_locked() unlocked the parent */

	dput(dchild);

	return err;



out_unlock: