From: "J. Bruce Fields" <bfields@fieldses.org>
To: Jeff Layton <jlayton@poochiereds.net>
Cc: trond.myklebust@primarydata.com, hch@infradead.org,
	linux-nfs@vger.kernel.org
Subject: Re: [PATCH 1/3] nfsd: return correct openowner when there is a race to put one in the hash
Date: Mon, 23 Mar 2015 11:36:14 -0400
Message-ID: <20150323153614.GB15183@fieldses.org>
In-Reply-To: <1427122424-8078-2-git-send-email-jeff.layton@primarydata.com>

On Mon, Mar 23, 2015 at 10:53:42AM -0400, Jeff Layton wrote:
> alloc_init_open_stateowner can return an already freed entry if there is
> a race to put openowners in the hashtable.

Looks like alloc_init_lock_stateowner has the same bug, so I'll apply
something like this pending testing.

I wonder if it's actually possible to hit this one?

--b.

commit bdff3084f09f
Author: J. Bruce Fields <bfields@redhat.com>
Date:   Mon Mar 23 11:02:30 2015 -0400

    nfsd: return correct lockowner when there is a race on hash insert
    
    alloc_init_lock_stateowner can return an already freed entry if there is
    a race to put openowners in the hashtable.
    
    Noticed by inspection after Jeff Layton fixed the same bug for open
    owners.  Depending on client behavior, this one may be trickier to
    trigger in practice.
    
    Fixes: c58c6610ec24 "nfsd: Protect adding/removing lock owners using client_lock"
    Cc: stable@vger.kernel.org
    Cc: Trond Myklebust <trond.myklebust@primarydata.com>
    Cc: Jeff Layton <jeff.layton@primarydata.com>
    Signed-off-by: J. Bruce Fields <bfields@redhat.com>

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index d2f2c37dc2db..49ae6116992f 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -5062,7 +5062,7 @@ alloc_init_lock_stateowner(unsigned int strhashval, struct nfs4_client *clp,
 	} else
 		nfs4_free_lockowner(&lo->lo_owner);
 	spin_unlock(&clp->cl_lock);
-	return lo;
+	return ret;
 }
 
 static void
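
Review bot: At the changed `return ret;`, the hunk's context does not show where `ret` is assigned, so confirm that `ret` is set to `lo` on the path that inserts it and to the owner already in the hash on the `else` path, where `lo` has just been passed to `nfs4_free_lockowner()`, and that any reference on that existing owner is taken before `spin_unlock(&clp->cl_lock)`. The commit message also says "openowners" for a function that handles lock owners, which is worth correcting before the patch is picked up for stable. As a style point, the `} else` branch is unbraced while the branch before it is braced; kernel coding style asks for braces on both.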

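The allocate-then-recheck pattern this fix concerns, as an added user-space example that is not part of the original message or the nfsd code. The names `owner`, `tbl_lock`, `alloc_init_owner` and `frees` are hypothetical stand-ins, with `tbl_lock` playing the role of `cl_lock`.

```c
#include <stdatomic.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins: "owner" for the lock owner, "tbl_lock" for cl_lock. */
struct owner { char name[32]; int refs; struct owner *next; };

static struct owner *table;                 /* single-bucket hash table */
static atomic_flag tbl_lock = ATOMIC_FLAG_INIT;
static int frees;                           /* counts discarded allocations */

static void lock(void)   { while (atomic_flag_test_and_set(&tbl_lock)) ; }
static void unlock(void) { atomic_flag_clear(&tbl_lock); }

/* Caller must hold tbl_lock. Takes a reference on a match. */
static struct owner *find_locked(const char *name)
{
    for (struct owner *o = table; o; o = o->next)
        if (strcmp(o->name, name) == 0) { o->refs++; return o; }
    return NULL;
}

/* Allocate outside the lock, then re-check under it before inserting. */
struct owner *alloc_init_owner(const char *name)
{
    struct owner *fresh = calloc(1, sizeof(*fresh)), *ret;

    if (!fresh)
        return NULL;
    strncpy(fresh->name, name, sizeof(fresh->name) - 1);
    fresh->refs = 1;

    lock();
    ret = find_locked(name);
    if (ret == NULL) {          /* we won: publish our allocation */
        fresh->next = table;
        table = fresh;
        ret = fresh;
    } else {                    /* we lost: discard ours, keep the winner */
        free(fresh);
        frees++;
    }
    unlock();
    return ret;                 /* returning `fresh` here would hand back freed memory */
}
```

Calling `alloc_init_owner()` twice with the same name drives the second call down the lost-race branch deterministically, which is the path where returning the local allocation instead of `ret` yields a dangling pointer.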