NFSD: Avoid corruption of a referring call list

The new code neglects to remove a freshly-allocated RCL from the callback's referring call list when no matching referring call is found. Reported-by: kernel test robot <lkp@intel.com> Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Closes: https://lore.kernel.org/r/202505171002.cE46sdj5-lkp@intel.com/ Fixes: 4f3c8d8c9e10 ("NFSD: Implement CB_SEQUENCE referring call lists") Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
author: Chuck Lever <chuck.lever@oracle.com> 2025-06-09 01:08:51 +0300
committer: Chuck Lever <chuck.lever@oracle.com> 2025-06-13 03:37:32 +0300
commit: 32ce6b3a83b71d8abf0c0837dc78775f16c9902f (patch)
tree: c8dd0ba11124ad761abc10da7741756e482e4db8
parent: 425364dc49f050b6008b43408aa96d42105a9c1d (diff)
download: linux-32ce6b3a83b71d8abf0c0837dc78775f16c9902f.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
index ccb00aa93be0..e00b2aea8da2 100644
--- a/fs/nfsd/nfs4callback.c
+++ b/fs/nfsd/nfs4callback.c
@@ -1409,6 +1409,7 @@ void nfsd41_cb_referring_call(struct nfsd4_callback *cb,
 out:
 	if (!rcl->__nr_referring_calls) {
 		cb->cb_nr_referring_call_list--;
+		list_del(&rcl->__list);
 		kfree(rcl);
 	}
 }
author	Chuck Lever <chuck.lever@oracle.com>	2025-06-09 01:08:51 +0300
committer	Chuck Lever <chuck.lever@oracle.com>	2025-06-13 03:37:32 +0300
commit	32ce6b3a83b71d8abf0c0837dc78775f16c9902f (patch)
tree	c8dd0ba11124ad761abc10da7741756e482e4db8
parent	425364dc49f050b6008b43408aa96d42105a9c1d (diff)
download	linux-32ce6b3a83b71d8abf0c0837dc78775f16c9902f.tar.xz