authorJeff Layton <jlayton@redhat.com>2007-08-23 23:16:51 -0400
committerSteve French <sfrench@us.ibm.com>2007-08-23 23:16:51 -0400
commit39db810cb6c1e7d1f2e43ae38b437b7ee72fe815 (patch)
tree049b895e905cddeec0580388b636ca965b90ec8a
parent95ba7362105646523ee712fd252ec2e34ccbec15 (diff)
[CIFS] Byte range unlock request to non-Unix server can unlock too much
On a mount without posix extensions enabled, when an unlock request is made, the client can release more than is intended. To reproduce, on a CIFS mount without posix extensions enabled: 1) open file 2) do fcntl lock: start=0 len=1 3) do fcntl lock: start=2 len=1 4) do fcntl unlock: start=0 len=1 ...on the unlock call the client sends an unlock request to the server for both locks. The problem is a bad test in cifs_lock. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r--fs/cifs/CHANGES5
-rw-r--r--fs/cifs/file.c3
2 files changed, 6 insertions, 2 deletions
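--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -6,7 +6,10 @@ done with "serverino" mount option). Add support for POSIX Unlink
 Samba supports newer POSIX CIFS Protocol Extensions). Add "nounix"
 mount option to allow disabling the CIFS Unix Extensions for just
 that mount. Fix hang on spinlock in find_writable_file (race when
-reopening file after session crash).
+reopening file after session crash). Byte range unlock request to
+windows server could unlock more bytes (on server copy of file)
+than intended if start of unlock request is well before start of
+a previous byte range lock that we issued.
 
 Version 1.49
 ------------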
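--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -767,7 +767,8 @@ int cifs_lock(struct file *file, int cmd, struct file_lock *pfLock)
 mutex_lock(&fid->lock_mutex);
 list_for_each_entry_safe(li, tmp, &fid->llist, llist) {
 if (pfLock->fl_start <= li->offset &&
-length >= li->length) {
+(pflock->fl_start + length) >=
+(li->offset + li->length)) {
 stored_rc = CIFSSMBLock(xid, pTcon,
 netfid,
 li->length, li->offset,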
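Review bot: The added condition on new line 770 dereferences `pflock`, but the parameter in the signature shown in the hunk header, and the test on line 769, is spelled `pfLock`; C identifiers are case-sensitive, so unless a separate `pflock` is declared outside this hunk the file will not compile. The line should read `(pfLock->fl_start + length) >=`. Both sums, `pfLock->fl_start + length` and `li->offset + li->length`, may also wrap for ranges near the top of the offset space, depending on types declared outside the hunk, which would let the containment test release a lock it should keep or keep one it should release; that is worth checking against those declarations. A one-line comment such as `/* only release stored locks that lie entirely inside the unlock range */` above the test would record the intent. cifs_lock's body starts and ends outside the hunk.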