diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2014-04-03 10:27:17 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2014-04-12 06:52:48 -0400 |
| commit | 19dfc1f5f2ef03a52aa30c8257c5745edef23f55 (patch) | |
| tree | 3846636f530b1e23d685b1652cd73ab8707445fb | |
| parent | eab87235c0f5979503a547f836a93a3d327c4201 (diff) | |
cifs: fix the race in cifs_writev()
O_APPEND handling there hadn't been completely fixed by Pavel's
patch; it checks the right value, but it's racy - we can't really
do that until i_mutex has been taken.
Fix by switching to __generic_file_aio_write() (open-coding
generic_file_aio_write(), actually) and pulling mutex_lock() above
inode_size_read().
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| -rw-r--r-- | fs/cifs/file.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/fs/cifs/file.c b/fs/cifs/file.c index 3443b8f8e1c0..5bac2763c450 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c | |||
| @@ -2579,19 +2579,32 @@ cifs_writev(struct kiocb *iocb, const struct iovec *iov, | |||
| 2579 | struct cifsInodeInfo *cinode = CIFS_I(inode); | 2579 | struct cifsInodeInfo *cinode = CIFS_I(inode); |
| 2580 | struct TCP_Server_Info *server = tlink_tcon(cfile->tlink)->ses->server; | 2580 | struct TCP_Server_Info *server = tlink_tcon(cfile->tlink)->ses->server; |
| 2581 | ssize_t rc = -EACCES; | 2581 | ssize_t rc = -EACCES; |
| 2582 | loff_t lock_pos = pos; | 2582 | loff_t lock_pos = iocb->ki_pos; |
| 2583 | 2583 | ||
| 2584 | if (file->f_flags & O_APPEND) | ||
| 2585 | lock_pos = i_size_read(inode); | ||
| 2586 | /* | 2584 | /* |
| 2587 | * We need to hold the sem to be sure nobody modifies lock list | 2585 | * We need to hold the sem to be sure nobody modifies lock list |
| 2588 | * with a brlock that prevents writing. | 2586 | * with a brlock that prevents writing. |
| 2589 | */ | 2587 | */ |
| 2590 | down_read(&cinode->lock_sem); | 2588 | down_read(&cinode->lock_sem); |
| 2589 | mutex_lock(&inode->i_mutex); | ||
| 2590 | if (file->f_flags & O_APPEND) | ||
| 2591 | lock_pos = i_size_read(inode); | ||
| 2591 | if (!cifs_find_lock_conflict(cfile, lock_pos, iov_length(iov, nr_segs), | 2592 | if (!cifs_find_lock_conflict(cfile, lock_pos, iov_length(iov, nr_segs), |
| 2592 | server->vals->exclusive_lock_type, NULL, | 2593 | server->vals->exclusive_lock_type, NULL, |
| 2593 | CIFS_WRITE_OP)) | 2594 | CIFS_WRITE_OP)) { |
| 2594 | rc = generic_file_aio_write(iocb, iov, nr_segs, pos); | 2595 | rc = __generic_file_aio_write(iocb, iov, nr_segs); |
| 2596 | mutex_unlock(&inode->i_mutex); | ||
| 2597 | |||
| 2598 | if (rc > 0) { | ||
| 2599 | ssize_t err; | ||
| 2600 | |||
| 2601 | err = generic_write_sync(file, iocb->ki_pos - rc, rc); | ||
| 2602 | if (rc < 0) | ||
| 2603 | rc = err; | ||
| 2604 | } | ||
| 2605 | } else { | ||
| 2606 | mutex_unlock(&inode->i_mutex); | ||
| 2607 | } | ||
| 2595 | up_read(&cinode->lock_sem); | 2608 | up_read(&cinode->lock_sem); |
| 2596 | return rc; | 2609 | return rc; |
| 2597 | } | 2610 | } |