> On Nov 5, 2022, at 9:49 AM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
>
> When we fail to insert into the hashtable with a non-retryable error,
> we'll free the object and then goto out_status. If the tracepoint is
> enabled, it'll end up accessing the freed object when it tries to
> grab the fields out of it.
>
> Set nf to NULL after freeing it to avoid the issue.
>
> Fixes: 243a5263014a ("nfsd: rework hashtable handling in nfsd_do_file_acquire")
> Reported-by: kernel test robot <lkp@xxxxxxxxx>
> Reported-by: Dan Carpenter <error27@xxxxxxxxx>
> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> ---
> fs/nfsd/filecache.c | 1 +
> 1 file changed, 1 insertion(+)
I've applied this to nfsd's for-rc. Thank you!
> diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c
> index 687ab814b678..02c1454dfe50 100644
> --- a/fs/nfsd/filecache.c
> +++ b/fs/nfsd/filecache.c
> @@ -1124,6 +1124,7 @@ nfsd_file_do_acquire(struct svc_rqst *rqstp, struct svc_fh *fhp,
> goto open_file;
>
> nfsd_file_slab_free(&nf->nf_rcu);
> + nf = NULL;
> if (ret == -EEXIST)
> goto retry;
> trace_nfsd_file_insert_err(rqstp, key.inode, may_flags, ret);
> --
> 2.38.1
>
--
Chuck Lever
