Commit 2c0cf342 authored by Trond Myklebust's avatar Trond Myklebust Committed by Greg Kroah-Hartman

NLM: Fix a circular lock dependency in lockd

commit 255129d1 in upstream.

The problem is that the garbage collector for the 'host' structures,
nlm_gc_hosts(), holds nlm_host_mutex while calling down to
nlmsvc_mark_resources, which eventually takes the file->f_mutex.

We cannot therefore call nlmsvc_lookup_host() from within
nlmsvc_create_block, since the caller will already hold file->f_mutex, so
the attempt to grab nlm_host_mutex may deadlock.

Fix the problem by calling nlmsvc_lookup_host() outside the file->f_mutex.
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent b73222fc
...@@ -171,19 +171,14 @@ nlmsvc_find_block(struct nlm_cookie *cookie) ...@@ -171,19 +171,14 @@ nlmsvc_find_block(struct nlm_cookie *cookie)
* GRANTED_RES message by cookie, without having to rely on the client's IP * GRANTED_RES message by cookie, without having to rely on the client's IP
* address. --okir * address. --okir
*/ */
static inline struct nlm_block * static struct nlm_block *
nlmsvc_create_block(struct svc_rqst *rqstp, struct nlm_file *file, nlmsvc_create_block(struct svc_rqst *rqstp, struct nlm_host *host,
struct nlm_lock *lock, struct nlm_cookie *cookie) struct nlm_file *file, struct nlm_lock *lock,
struct nlm_cookie *cookie)
{ {
struct nlm_block *block; struct nlm_block *block;
struct nlm_host *host;
struct nlm_rqst *call = NULL; struct nlm_rqst *call = NULL;
/* Create host handle for callback */
host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len);
if (host == NULL)
return NULL;
call = nlm_alloc_call(host); call = nlm_alloc_call(host);
if (call == NULL) if (call == NULL)
return NULL; return NULL;
...@@ -366,6 +361,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file, ...@@ -366,6 +361,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
struct nlm_lock *lock, int wait, struct nlm_cookie *cookie) struct nlm_lock *lock, int wait, struct nlm_cookie *cookie)
{ {
struct nlm_block *block = NULL; struct nlm_block *block = NULL;
struct nlm_host *host;
int error; int error;
__be32 ret; __be32 ret;
...@@ -377,6 +373,10 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file, ...@@ -377,6 +373,10 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
(long long)lock->fl.fl_end, (long long)lock->fl.fl_end,
wait); wait);
/* Create host handle for callback */
host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len);
if (host == NULL)
return nlm_lck_denied_nolocks;
/* Lock file against concurrent access */ /* Lock file against concurrent access */
mutex_lock(&file->f_mutex); mutex_lock(&file->f_mutex);
...@@ -385,7 +385,8 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file, ...@@ -385,7 +385,8 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
*/ */
block = nlmsvc_lookup_block(file, lock); block = nlmsvc_lookup_block(file, lock);
if (block == NULL) { if (block == NULL) {
block = nlmsvc_create_block(rqstp, file, lock, cookie); block = nlmsvc_create_block(rqstp, nlm_get_host(host), file,
lock, cookie);
ret = nlm_lck_denied_nolocks; ret = nlm_lck_denied_nolocks;
if (block == NULL) if (block == NULL)
goto out; goto out;
...@@ -449,6 +450,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file, ...@@ -449,6 +450,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, struct nlm_file *file,
out: out:
mutex_unlock(&file->f_mutex); mutex_unlock(&file->f_mutex);
nlmsvc_release_block(block); nlmsvc_release_block(block);
nlm_release_host(host);
dprintk("lockd: nlmsvc_lock returned %u\n", ret); dprintk("lockd: nlmsvc_lock returned %u\n", ret);
return ret; return ret;
} }
...@@ -477,10 +479,15 @@ nlmsvc_testlock(struct svc_rqst *rqstp, struct nlm_file *file, ...@@ -477,10 +479,15 @@ nlmsvc_testlock(struct svc_rqst *rqstp, struct nlm_file *file,
if (block == NULL) { if (block == NULL) {
struct file_lock *conf = kzalloc(sizeof(*conf), GFP_KERNEL); struct file_lock *conf = kzalloc(sizeof(*conf), GFP_KERNEL);
struct nlm_host *host;
if (conf == NULL) if (conf == NULL)
return nlm_granted; return nlm_granted;
block = nlmsvc_create_block(rqstp, file, lock, cookie); /* Create host handle for callback */
host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len);
if (host == NULL)
return nlm_lck_denied_nolocks;
block = nlmsvc_create_block(rqstp, host, file, lock, cookie);
if (block == NULL) { if (block == NULL) {
kfree(conf); kfree(conf);
return nlm_granted; return nlm_granted;
......
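Review bot: In the nlmsvc_testlock hunk, the new `if (host == NULL) return nlm_lck_denied_nolocks;` exit runs after `conf` has been obtained from kzalloc(), and the visible lines do not free it on that path, unlike the `block == NULL` branch just below, which calls `kfree(conf)`. Each failed host lookup would leak one `struct file_lock`, and since these requests come from NLM clients this could become gradual kernel-memory exhaustion if a peer can provoke the failure repeatedly (not shown here). The early return should release the allocation: `if (host == NULL) { kfree(conf); return nlm_lck_denied_nolocks; }`. A short comment above nlmsvc_create_block stating that it appears to take over the caller's host reference would also help, because nlmsvc_lock passes `nlm_get_host(host)` and releases its own reference at `out:`, while nlmsvc_testlock passes `host` directly. The body of nlmsvc_testlock starts and ends outside the hunk.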