locks,lockd: fix race in nlmsvc_testlock
posix_test_lock() returns a pointer to a struct file_lock which is unprotected and can be removed while in use by the caller. Move the conflicting lock from the return to a parameter, and copy the conflicting lock. In most cases the caller ends up putting the copy of the conflicting lock on the stack. On i386, sizeof(struct file_lock) appears to be about 100 bytes. We're assuming that's reasonable. Signed-off-by: Andy Adamson <andros@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

gecommit door
Trond Myklebust

bovenliggende
2e0af86f61
commit
8dc7c3115b
@@ -392,15 +392,14 @@ out_swapfile:
|
||||
|
||||
static int do_getlk(struct file *filp, int cmd, struct file_lock *fl)
|
||||
{
|
||||
struct file_lock *cfl;
|
||||
struct file_lock cfl;
|
||||
struct inode *inode = filp->f_mapping->host;
|
||||
int status = 0;
|
||||
|
||||
lock_kernel();
|
||||
/* Try local locking first */
|
||||
cfl = posix_test_lock(filp, fl);
|
||||
if (cfl != NULL) {
|
||||
locks_copy_lock(fl, cfl);
|
||||
if (posix_test_lock(filp, fl, &cfl)) {
|
||||
locks_copy_lock(fl, &cfl);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
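Review bot: The new on-stack `struct file_lock cfl;` in do_getlk is handed to `posix_test_lock(filp, fl, &cfl)` uninitialized, so this is only safe if the copy inside posix_test_lock never reads the destination's previous contents. That helper is not visible in this hunk; if it, or `locks_copy_lock`, inspects or releases private fields of the destination before overwriting them, it would be acting on stack garbage. Calling `locks_init_lock(&cfl);` before the test would make do_getlk independent of how the helper behaves. A short comment such as `/* cfl is a private snapshot; only valid when posix_test_lock() returns non-zero */` would also record the new contract for later callers. do_getlk's body continues past the end of the hunk.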