aboutsummaryrefslogtreecommitdiffstats
path: root/fs/nfsd/nfs4state.c
diff options
context:
space:
mode:
authorAndy Adamson <andros@citi.umich.edu>2006-03-20 13:44:26 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>2006-03-20 13:44:26 -0500
commit8dc7c3115b611c00006eac3ee5b108296432aab7 (patch)
treebe44c59907cbdcb6fdf46d0ad9cc140af757acfc /fs/nfsd/nfs4state.c
parent2e0af86f618c697b44e2d67dff151256c58201c4 (diff)
locks,lockd: fix race in nlmsvc_testlock
posix_test_lock() returns a pointer to a struct file_lock which is unprotected and can be removed while in use by the caller. Move the conflicting lock from the return to a parameter, and copy the conflicting lock. In most cases the caller ends up putting the copy of the conflicting lock on the stack. On i386, sizeof(struct file_lock) appears to be about 100 bytes. We're assuming that's reasonable. Signed-off-by: Andy Adamson <andros@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'fs/nfsd/nfs4state.c')
-rw-r--r--fs/nfsd/nfs4state.c13
1 files changed, 6 insertions, 7 deletions
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 1143cfb64549..f6ab762bea99 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -2639,7 +2639,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_lock
2639 struct nfs4_stateid *lock_stp; 2639 struct nfs4_stateid *lock_stp;
2640 struct file *filp; 2640 struct file *filp;
2641 struct file_lock file_lock; 2641 struct file_lock file_lock;
2642 struct file_lock *conflock; 2642 struct file_lock conflock;
2643 int status = 0; 2643 int status = 0;
2644 unsigned int strhashval; 2644 unsigned int strhashval;
2645 2645
@@ -2775,11 +2775,11 @@ conflicting_lock:
2775 /* XXX There is a race here. Future patch needed to provide 2775 /* XXX There is a race here. Future patch needed to provide
2776 * an atomic posix_lock_and_test_file 2776 * an atomic posix_lock_and_test_file
2777 */ 2777 */
2778 if (!(conflock = posix_test_lock(filp, &file_lock))) { 2778 if (!posix_test_lock(filp, &file_lock, &conflock)) {
2779 status = nfserr_serverfault; 2779 status = nfserr_serverfault;
2780 goto out; 2780 goto out;
2781 } 2781 }
2782 nfs4_set_lock_denied(conflock, &lock->lk_denied); 2782 nfs4_set_lock_denied(&conflock, &lock->lk_denied);
2783out: 2783out:
2784 if (status && lock->lk_is_new && lock_sop) 2784 if (status && lock->lk_is_new && lock_sop)
2785 release_stateowner(lock_sop); 2785 release_stateowner(lock_sop);
@@ -2800,7 +2800,7 @@ nfsd4_lockt(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_lock
2800 struct inode *inode; 2800 struct inode *inode;
2801 struct file file; 2801 struct file file;
2802 struct file_lock file_lock; 2802 struct file_lock file_lock;
2803 struct file_lock *conflicting_lock; 2803 struct file_lock conflock;
2804 int status; 2804 int status;
2805 2805
2806 if (nfs4_in_grace()) 2806 if (nfs4_in_grace())
@@ -2864,10 +2864,9 @@ nfsd4_lockt(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_lock
2864 file.f_dentry = current_fh->fh_dentry; 2864 file.f_dentry = current_fh->fh_dentry;
2865 2865
2866 status = nfs_ok; 2866 status = nfs_ok;
2867 conflicting_lock = posix_test_lock(&file, &file_lock); 2867 if (posix_test_lock(&file, &file_lock, &conflock)) {
2868 if (conflicting_lock) {
2869 status = nfserr_denied; 2868 status = nfserr_denied;
2870 nfs4_set_lock_denied(conflicting_lock, &lockt->lt_denied); 2869 nfs4_set_lock_denied(&conflock, &lockt->lt_denied);
2871 } 2870 }
2872out: 2871out:
2873 nfs4_unlock_state(); 2872 nfs4_unlock_state();