nfsd: fix potential lease memory leak in nfs4_setlease

It's unlikely to ever occur, but if there were already a lease set on
the file then we could end up getting back a different pointer on a
successful setlease attempt than the one we allocated. If that happens,
the one we allocated could leak.

In practice, I don't think this will happen due to the fact that we only
try to set up the lease once per nfs4_file, but this error handling is a
bit more correct given the current lease API.

Cc: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>

1 files changed, 5 insertions, 2 deletions

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index a91e521622c3..5bb4952faf5b 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -3781,7 +3781,7 @@ static struct file_lock *nfs4_alloc_init_lease(struct nfs4_file *fp, int flag)
 static int nfs4_setlease(struct nfs4_delegation *dp)
 {
         struct nfs4_file *fp = dp->dl_stid.sc_file;
-        struct file_lock *fl;
+        struct file_lock *fl, *ret;
         struct file *filp;
         int status = 0;
 
@@ -3795,11 +3795,14 @@ static int nfs4_setlease(struct nfs4_delegation *dp)
                 return -EBADF;
         }
         fl->fl_file = filp;
-        status = vfs_setlease(filp, fl->fl_type, &fl);
+        ret = fl;
+        status = vfs_setlease(filp, fl->fl_type, &ret);
         if (status) {
                 locks_free_lock(fl);
                 goto out_fput;
         }
+        if (ret != fl)
+                locks_free_lock(fl);
         spin_lock(&state_lock);
         spin_lock(&fp->fi_lock);
         /* Did the lease get broken before we took the lock? */