From patchwork Thu Sep 4 12:38:29 2014
X-Patchwork-Submitter: Jeff Layton
X-Patchwork-Id: 4845171
From: Jeff Layton
To: linux-fsdevel@vger.kernel.org
Cc: linux-nfs@vger.kernel.org, Christoph Hellwig, "J. Bruce Fields", linux-kernel@vger.kernel.org
Subject: [PATCH v2 03/17] locks: close potential race in lease_get_mtime
Date: Thu, 4 Sep 2014 08:38:29 -0400
Message-Id: <1409834323-7171-4-git-send-email-jlayton@primarydata.com>
In-Reply-To: <1409834323-7171-1-git-send-email-jlayton@primarydata.com>
References: <1409834323-7171-1-git-send-email-jlayton@primarydata.com>

lease_get_mtime is called without the i_lock held, so there's no guarantee about the stability of the list. Between the time when we assign "flock" and then dereference it to check whether it's a lease and for write, the lease could be freed.

Ensure that that doesn't occur by taking the i_lock before trying to check the lease.

Cc: J. Bruce Fields
Signed-off-by: Jeff Layton
Reviewed-by: Christoph Hellwig
---
 fs/locks.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/fs/locks.c b/fs/locks.c index 18e87f11a25f..4031324e6cca 100644 --- a/fs/locks.c +++ b/fs/locks.c
@@ -1456,8 +1456,18 @@ EXPORT_SYMBOL(__break_lease); */ void lease_get_mtime(struct inode *inode, struct timespec *time) { - struct file_lock *flock = inode->i_flock; - if (flock && IS_LEASE(flock) && (flock->fl_type == F_WRLCK)) + bool has_lease = false; + struct file_lock *flock; + + if (inode->i_flock) { + spin_lock(&inode->i_lock); + flock = inode->i_flock; + if (flock && IS_LEASE(flock) && (flock->fl_type == F_WRLCK)) + has_lease = true; + spin_unlock(&inode->i_lock); + } + + if (has_lease) *time = current_fs_time(inode->i_sb); else *time = inode->i_mtime;
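Review bot: The unlocked `if (inode->i_flock)` test that opens the new block reads the list head without i_lock, and nothing in the hunk says this is intentional. It is only a NULL test, and the pointer is re-read into `flock` under the spinlock before it is dereferenced, so it works as a fast path that skips the lock on inodes with no locks at all, but a one-line comment stating that would keep a later change from dereferencing the unlocked value or from dropping the second `flock &&` check as redundant. The same comment could note that `has_lease` is a snapshot: the lease may go away between spin_unlock() and the `*time` assignment, which is harmless here only because nothing touches `flock` after the unlock.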