From patchwork Sat Aug 23 14:41:09 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jeff Layton <jlayton@primarydata.com>
X-Patchwork-Id: 4769471
Return-Path: <linux-cifs-owner@kernel.org>
X-Original-To: patchwork-cifs-client@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 465BB9F344
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Sat, 23 Aug 2014 14:41:36 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 6F43C2018A
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Sat, 23 Aug 2014 14:41:35 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 1ECED201BA
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Sat, 23 Aug 2014 14:41:34 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751559AbaHWOlc (ORCPT
	<rfc822;patchwork-cifs-client@patchwork.kernel.org>);
	Sat, 23 Aug 2014 10:41:32 -0400
Received: from mail-qa0-f54.google.com ([209.85.216.54]:64954 "EHLO
	mail-qa0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751337AbaHWOla (ORCPT
	<rfc822; linux-cifs@vger.kernel.org>); Sat, 23 Aug 2014 10:41:30 -0400
Received: by mail-qa0-f54.google.com with SMTP id k15so10843485qaq.13
	for <linux-cifs@vger.kernel.org>;
	Sat, 23 Aug 2014 07:41:29 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
	:in-reply-to:references;
	bh=56BLcut7Q9FgFY6JVh3HdqRx+m8XGXdgJ2ysUJR9CQE=;
	b=TPx8JE7RPhTEAzc9Fl4qllxfoMs2Hz6EzgLRDN/gvWb342tR468+Fv438KKJflZZMG
	22WFiHjGLE9xLjIxn5XQrbyC6AnRXJ49Bkv3/1SMorLYX5aRgUf0lBVF12SDm9DMhdOS
	TDVHF7Ywz9fpp2ayDGJ767rJA0zVxvUxG8uX6PSMVNPnwtj6uxxW/ItAg9J2Sb1P8DPj
	z/TOJYfAfZdzL/ZolLVqA+qi6a6HW7Y1SJe9+siabKynGL4oAvUM5fsv+EnPrh82/Q17
	J2tHTe3TI09oSHlc3FY4m2mz2d0o0KymPH7dgi9CClilqJD63aUqPBnk1J/eaBd9YT/l
	RA/w==
X-Gm-Message-State: 
 ALoCoQm1h2M2o5K74ulCUvQFBlwt2e9QxQtEjrxXBiJwupz26BseiokQ9DQKdAz9o/VhRzxc0z8+
X-Received: by 10.140.25.226 with SMTP id 89mr16952172qgt.62.1408804889308;
	Sat, 23 Aug 2014 07:41:29 -0700 (PDT)
Received: from tlielax.poochiereds.net ([2001:470:8:d63:3a60:77ff:fe93:a95d])
	by mx.google.com with ESMTPSA id
	o3sm64529771qab.21.2014.08.23.07.41.27 for <multiple recipients>
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sat, 23 Aug 2014 07:41:28 -0700 (PDT)
From: Jeff Layton <jlayton@primarydata.com>
To: linux-fsdevel@vger.kernel.org
Cc: bfields@fieldses.org, hch@infradead.org, cluster-devel@redhat.com,
	linux-cifs@vger.kernel.org, linux-nfs@vger.kernel.org
Subject: [PATCH 01/10] locks: close potential race in lease_get_mtime
Date: Sat, 23 Aug 2014 10:41:09 -0400
Message-Id: <1408804878-1331-2-git-send-email-jlayton@primarydata.com>
X-Mailer: git-send-email 1.9.3
In-Reply-To: <1408804878-1331-1-git-send-email-jlayton@primarydata.com>
References: <1408804878-1331-1-git-send-email-jlayton@primarydata.com>
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-cifs.vger.kernel.org>
X-Mailing-List: linux-cifs@vger.kernel.org
X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

lease_get_mtime is called without the i_lock held, so there's no
guarantee about the stability of the list. Between the time when we
assign "flock" and then dereference it to check whether it's a lease
and for write, the lease could be freed.

Ensure that that doesn't occur by taking the i_lock before trying
to check the lease.

Cc: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
---
 fs/locks.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/fs/locks.c b/fs/locks.c
index d7e15a256f8f..58ce8897f2e4 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1456,8 +1456,18 @@ EXPORT_SYMBOL(__break_lease);
  */
 void lease_get_mtime(struct inode *inode, struct timespec *time)
 {
-	struct file_lock *flock = inode->i_flock;
-	if (flock && IS_LEASE(flock) && (flock->fl_type == F_WRLCK))
+	bool has_lease = false;
+	struct file_lock *flock;
+
+	if (inode->i_flock) {
+		spin_lock(&inode->i_lock);
+		flock = inode->i_flock;
+		if (flock && IS_LEASE(flock) && (flock->fl_type == F_WRLCK))
+			has_lease = true;
+		spin_unlock(&inode->i_lock);
+	}
+
+	if (has_lease)
 		*time = current_fs_time(inode->i_sb);
 	else
 		*time = inode->i_mtime;