diff options
author | Andy Adamson <andros@citi.umich.edu> | 2006-03-20 13:44:26 -0500 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2006-03-20 13:44:26 -0500 |
commit | 8dc7c3115b611c00006eac3ee5b108296432aab7 (patch) | |
tree | be44c59907cbdcb6fdf46d0ad9cc140af757acfc /fs/nfsd/nfs4state.c | |
parent | 2e0af86f618c697b44e2d67dff151256c58201c4 (diff) |
locks,lockd: fix race in nlmsvc_testlock
posix_test_lock() returns a pointer to a struct file_lock which is unprotected
and can be removed while in use by the caller. Move the conflicting lock from
the return to a parameter, and copy the conflicting lock.
In most cases the caller ends up putting the copy of the conflicting lock on
the stack. On i386, sizeof(struct file_lock) appears to be about 100 bytes.
We're assuming that's reasonable.
Signed-off-by: Andy Adamson <andros@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'fs/nfsd/nfs4state.c')
-rw-r--r-- | fs/nfsd/nfs4state.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 1143cfb64549..f6ab762bea99 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c | |||
@@ -2639,7 +2639,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_lock | |||
2639 | struct nfs4_stateid *lock_stp; | 2639 | struct nfs4_stateid *lock_stp; |
2640 | struct file *filp; | 2640 | struct file *filp; |
2641 | struct file_lock file_lock; | 2641 | struct file_lock file_lock; |
2642 | struct file_lock *conflock; | 2642 | struct file_lock conflock; |
2643 | int status = 0; | 2643 | int status = 0; |
2644 | unsigned int strhashval; | 2644 | unsigned int strhashval; |
2645 | 2645 | ||
@@ -2775,11 +2775,11 @@ conflicting_lock: | |||
2775 | /* XXX There is a race here. Future patch needed to provide | 2775 | /* XXX There is a race here. Future patch needed to provide |
2776 | * an atomic posix_lock_and_test_file | 2776 | * an atomic posix_lock_and_test_file |
2777 | */ | 2777 | */ |
2778 | if (!(conflock = posix_test_lock(filp, &file_lock))) { | 2778 | if (!posix_test_lock(filp, &file_lock, &conflock)) { |
2779 | status = nfserr_serverfault; | 2779 | status = nfserr_serverfault; |
2780 | goto out; | 2780 | goto out; |
2781 | } | 2781 | } |
2782 | nfs4_set_lock_denied(conflock, &lock->lk_denied); | 2782 | nfs4_set_lock_denied(&conflock, &lock->lk_denied); |
2783 | out: | 2783 | out: |
2784 | if (status && lock->lk_is_new && lock_sop) | 2784 | if (status && lock->lk_is_new && lock_sop) |
2785 | release_stateowner(lock_sop); | 2785 | release_stateowner(lock_sop); |
@@ -2800,7 +2800,7 @@ nfsd4_lockt(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_lock | |||
2800 | struct inode *inode; | 2800 | struct inode *inode; |
2801 | struct file file; | 2801 | struct file file; |
2802 | struct file_lock file_lock; | 2802 | struct file_lock file_lock; |
2803 | struct file_lock *conflicting_lock; | 2803 | struct file_lock conflock; |
2804 | int status; | 2804 | int status; |
2805 | 2805 | ||
2806 | if (nfs4_in_grace()) | 2806 | if (nfs4_in_grace()) |
@@ -2864,10 +2864,9 @@ nfsd4_lockt(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_lock | |||
2864 | file.f_dentry = current_fh->fh_dentry; | 2864 | file.f_dentry = current_fh->fh_dentry; |
2865 | 2865 | ||
2866 | status = nfs_ok; | 2866 | status = nfs_ok; |
2867 | conflicting_lock = posix_test_lock(&file, &file_lock); | 2867 | if (posix_test_lock(&file, &file_lock, &conflock)) { |
2868 | if (conflicting_lock) { | ||
2869 | status = nfserr_denied; | 2868 | status = nfserr_denied; |
2870 | nfs4_set_lock_denied(conflicting_lock, &lockt->lt_denied); | 2869 | nfs4_set_lock_denied(&conflock, &lockt->lt_denied); |
2871 | } | 2870 | } |
2872 | out: | 2871 | out: |
2873 | nfs4_unlock_state(); | 2872 | nfs4_unlock_state(); |