From patchwork Thu Nov 15 06:01:15 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [3.5.yuz, extended,
 stable] Patch "nfsd4: fix nfs4 stateid leak" has been added to
 staging queue
Date: Wed, 14 Nov 2012 20:01:15 -0000
From: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
X-Patchwork-Id: 199188
Message-Id: <1352959275-18063-1-git-send-email-herton.krzesinski@canonical.com>
To: "J. Bruce Fields" <bfields@redhat.com>
Cc: kernel-team@lists.ubuntu.com, "Cyril B." <cbay@excellency.fr>

This is a note to let you know that I have just added a patch titled

    nfsd4: fix nfs4 stateid leak

to the linux-3.5.y-queue branch of the 3.5.yuz extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.yuz tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Herton

------

>From 44ae26e4035d3119acfc135e9ed68e8eaf1abb4f Mon Sep 17 00:00:00 2001
From: "J. Bruce Fields" <bfields@redhat.com>
Date: Wed, 29 Aug 2012 15:21:58 -0700
Subject: [PATCH] nfsd4: fix nfs4 stateid leak

commit cf9182e90b2af04245ac4fae497fe73fc71285b4 upstream.

Processes that open and close multiple files may end up setting this
oo_last_closed_stid without freeing what was previously pointed to.
This can result in a major leak, visible for example by watching the
nfsd4_stateids line of /proc/slabinfo.

Reported-by: Cyril B. <cbay@excellency.fr>
Tested-by: Cyril B. <cbay@excellency.fr>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>

---
fs/nfsd/nfs4state.c |    1 +
 1 file changed, 1 insertion(+)

--
1.7.9.5

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index e8ead04..be324aa 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -3748,6 +3748,7 @@ nfsd4_close(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
 	memcpy(&close->cl_stateid, &stp->st_stid.sc_stateid, sizeof(stateid_t));

 	nfsd4_close_open_stateid(stp);
+	release_last_closed_stateid(oo);
 	oo->oo_last_closed_stid = stp;

 	/* place unused nfs4_stateowners on so_close_lru list to be