From 07ce9f1e36a495b67408dd5dc5935c2a2d42f1ce Mon Sep 17 00:00:00 2001
From: Benjamin Coddington <bcodding@redhat.com>
Date: Fri, 31 Jan 2025 06:45:41 -0500
Subject: [PATCH] nfs: fix memory leak in error path of nfs4_do_reclaim

JIRA: https://issues.redhat.com/browse/RHEL-73723

commit 8f6a7c9467eaf39da4c14e5474e46190ab3fb529
Author: Li Lingfeng <lilingfeng3@huawei.com>
Date:   Wed Sep 4 20:34:57 2024 +0800

    nfs: fix memory leak in error path of nfs4_do_reclaim

    Commit c77e22834ae9 ("NFSv4: Fix a potential sleep while atomic in
    nfs4_do_reclaim()") separate out the freeing of the state owners from
    nfs4_purge_state_owners() and finish it outside the rcu lock.
    However, the error path is omitted. As a result, the state owners in
    "freeme" will not be released.
    Fix it by adding freeing in the error path.

    Fixes: c77e22834ae9 ("NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()")
    Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
    Cc: stable@vger.kernel.org # v5.3+
    Signed-off-by: Anna Schumaker <anna.schumaker@oracle.com>

Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
---
 fs/nfs/nfs4state.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
index 85e12bc562f1..cba0632fe35d 100644
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
@@ -1957,6 +1957,7 @@ restart:
 				set_bit(ops->owner_flag_bit, &sp->so_flags);
 				nfs4_put_state_owner(sp);
 				status = nfs4_recovery_handle_error(clp, status);
+				nfs4_free_state_owners(&freeme);
 				return (status != 0) ? status : -EAGAIN;
 			}