diff options
| author | Andy Adamson <andros@citi.umich.edu> | 2006-03-20 13:44:26 -0500 |
|---|---|---|
| committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2006-03-20 13:44:26 -0500 |
| commit | 8dc7c3115b611c00006eac3ee5b108296432aab7 (patch) | |
| tree | be44c59907cbdcb6fdf46d0ad9cc140af757acfc /fs/nfsd/nfs4state.c | |
| parent | 2e0af86f618c697b44e2d67dff151256c58201c4 (diff) | |
locks,lockd: fix race in nlmsvc_testlock
posix_test_lock() returns a pointer to a struct file_lock which is unprotected
and can be removed while in use by the caller. Move the conflicting lock from
the return to a parameter, and copy the conflicting lock.
In most cases the caller ends up putting the copy of the conflicting lock on
the stack. On i386, sizeof(struct file_lock) appears to be about 100 bytes.
We're assuming that's reasonable.
Signed-off-by: Andy Adamson <andros@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'fs/nfsd/nfs4state.c')
| -rw-r--r-- | fs/nfsd/nfs4state.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 1143cfb64549..f6ab762bea99 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c | |||
| @@ -2639,7 +2639,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_lock | |||
| 2639 | struct nfs4_stateid *lock_stp; | 2639 | struct nfs4_stateid *lock_stp; |
| 2640 | struct file *filp; | 2640 | struct file *filp; |
| 2641 | struct file_lock file_lock; | 2641 | struct file_lock file_lock; |
| 2642 | struct file_lock *conflock; | 2642 | struct file_lock conflock; |
| 2643 | int status = 0; | 2643 | int status = 0; |
| 2644 | unsigned int strhashval; | 2644 | unsigned int strhashval; |
| 2645 | 2645 | ||
| @@ -2775,11 +2775,11 @@ conflicting_lock: | |||
| 2775 | /* XXX There is a race here. Future patch needed to provide | 2775 | /* XXX There is a race here. Future patch needed to provide |
| 2776 | * an atomic posix_lock_and_test_file | 2776 | * an atomic posix_lock_and_test_file |
| 2777 | */ | 2777 | */ |
| 2778 | if (!(conflock = posix_test_lock(filp, &file_lock))) { | 2778 | if (!posix_test_lock(filp, &file_lock, &conflock)) { |
| 2779 | status = nfserr_serverfault; | 2779 | status = nfserr_serverfault; |
| 2780 | goto out; | 2780 | goto out; |
| 2781 | } | 2781 | } |
| 2782 | nfs4_set_lock_denied(conflock, &lock->lk_denied); | 2782 | nfs4_set_lock_denied(&conflock, &lock->lk_denied); |
| 2783 | out: | 2783 | out: |
| 2784 | if (status && lock->lk_is_new && lock_sop) | 2784 | if (status && lock->lk_is_new && lock_sop) |
| 2785 | release_stateowner(lock_sop); | 2785 | release_stateowner(lock_sop); |
| @@ -2800,7 +2800,7 @@ nfsd4_lockt(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_lock | |||
| 2800 | struct inode *inode; | 2800 | struct inode *inode; |
| 2801 | struct file file; | 2801 | struct file file; |
| 2802 | struct file_lock file_lock; | 2802 | struct file_lock file_lock; |
| 2803 | struct file_lock *conflicting_lock; | 2803 | struct file_lock conflock; |
| 2804 | int status; | 2804 | int status; |
| 2805 | 2805 | ||
| 2806 | if (nfs4_in_grace()) | 2806 | if (nfs4_in_grace()) |
| @@ -2864,10 +2864,9 @@ nfsd4_lockt(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_lock | |||
| 2864 | file.f_dentry = current_fh->fh_dentry; | 2864 | file.f_dentry = current_fh->fh_dentry; |
| 2865 | 2865 | ||
| 2866 | status = nfs_ok; | 2866 | status = nfs_ok; |
| 2867 | conflicting_lock = posix_test_lock(&file, &file_lock); | 2867 | if (posix_test_lock(&file, &file_lock, &conflock)) { |
| 2868 | if (conflicting_lock) { | ||
| 2869 | status = nfserr_denied; | 2868 | status = nfserr_denied; |
| 2870 | nfs4_set_lock_denied(conflicting_lock, &lockt->lt_denied); | 2869 | nfs4_set_lock_denied(&conflock, &lockt->lt_denied); |
| 2871 | } | 2870 | } |
| 2872 | out: | 2871 | out: |
| 2873 | nfs4_unlock_state(); | 2872 | nfs4_unlock_state(); |