Skip to content

L
linux
Commit 3f09df70 authored by Trond Myklebust's avatar Trond Myklebust
Browse files
Options

NFS: Ensure we always hold the BKL when dereferencing inode->i_flock 

Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
parent 965b5d67
Hide whitespace changes
Inline Side-by-side
Showing with 23 additions and 2 deletions
fs/nfs/delegation.c
View file @ 3f09df70
...@@ -70,15 +70,24 @@ static int nfs_delegation_claim_locks(struct nfs_open_context *ctx, struct nfs4_ ...@@ -70,15 +70,24 @@ static int nfs_delegation_claim_locks(struct nfs_open_context *ctx, struct nfs4_
struct file_lock *fl; struct file_lock *fl;
int status = 0; int status = 0;
if (inode->i_flock == NULL)
goto out;
/* Protect inode->i_flock using the BKL */
lock_kernel();
for (fl = inode->i_flock; fl != NULL; fl = fl->fl_next) { for (fl = inode->i_flock; fl != NULL; fl = fl->fl_next) {
if (!(fl->fl_flags & (FL_POSIX|FL_FLOCK))) if (!(fl->fl_flags & (FL_POSIX|FL_FLOCK)))
continue; continue;
if (nfs_file_open_context(fl->fl_file) != ctx) if (nfs_file_open_context(fl->fl_file) != ctx)
continue; continue;
unlock_kernel();
status = nfs4_lock_delegation_recall(state, fl); status = nfs4_lock_delegation_recall(state, fl);
if (status < 0) if (status < 0)
break; goto out;
lock_kernel();
} }
unlock_kernel();
out:
return status; return status;
} }
...@@ -256,7 +265,10 @@ static int __nfs_inode_return_delegation(struct inode *inode, struct nfs_delegat ...@@ -256,7 +265,10 @@ static int __nfs_inode_return_delegation(struct inode *inode, struct nfs_delegat
struct nfs_inode *nfsi = NFS_I(inode); struct nfs_inode *nfsi = NFS_I(inode);
nfs_msync_inode(inode); nfs_msync_inode(inode);
/* Guard against new delegated open calls */ /*
* Guard against new delegated open/lock/unlock calls and against
* state recovery
*/
down_write(&nfsi->rwsem); down_write(&nfsi->rwsem);
nfs_delegation_claim_opens(inode, &delegation->stateid); nfs_delegation_claim_opens(inode, &delegation->stateid);
up_write(&nfsi->rwsem); up_write(&nfsi->rwsem);
......
fs/nfs/nfs4state.c
View file @ 3f09df70
...@@ -847,12 +847,19 @@ static int nfs4_reclaim_locks(struct nfs4_state *state, const struct nfs4_state_ ...@@ -847,12 +847,19 @@ static int nfs4_reclaim_locks(struct nfs4_state *state, const struct nfs4_state_
struct file_lock *fl; struct file_lock *fl;
int status = 0; int status = 0;
if (inode->i_flock == NULL)
return 0;
/* Guard against delegation returns and new lock/unlock calls */
down_write(&nfsi->rwsem); down_write(&nfsi->rwsem);
/* Protect inode->i_flock using the BKL */
lock_kernel();
for (fl = inode->i_flock; fl != NULL; fl = fl->fl_next) { for (fl = inode->i_flock; fl != NULL; fl = fl->fl_next) {
if (!(fl->fl_flags & (FL_POSIX|FL_FLOCK))) if (!(fl->fl_flags & (FL_POSIX|FL_FLOCK)))
continue; continue;
if (nfs_file_open_context(fl->fl_file)->state != state) if (nfs_file_open_context(fl->fl_file)->state != state)
continue; continue;
unlock_kernel();
status = ops->recover_lock(state, fl); status = ops->recover_lock(state, fl);
switch (status) { switch (status) {
case 0: case 0:
...@@ -875,7 +882,9 @@ static int nfs4_reclaim_locks(struct nfs4_state *state, const struct nfs4_state_ ...@@ -875,7 +882,9 @@ static int nfs4_reclaim_locks(struct nfs4_state *state, const struct nfs4_state_
/* kill_proc(fl->fl_pid, SIGLOST, 1); */ /* kill_proc(fl->fl_pid, SIGLOST, 1); */
status = 0; status = 0;
} }
lock_kernel();
} }
unlock_kernel();
out: out:
up_write(&nfsi->rwsem); up_write(&nfsi->rwsem);
return status; return status;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7