Re: [BUG 2.4] NFS unlocking operation accesses invalid file struct

From: Trond Myklebust
Date: Tue Nov 25 2003 - 19:36:50 EST


>>>>> " " == Akinobu Mita <mita@xxxxxxxxxxxxxxxx> writes:


> Does anyone have an idea of how to fix it?

Yes. I posted a patch about a week or 2 ago. The original patch can be
found on

http://www.fys.uio.no/~trondmy/src/Linux-2.4.x/2.4.23-rc1/linux-2.4.23-01-posix_race.dif

However, I now believe the real problem here is that
locks_remove_posix() should also be checking the pid (as is done in
all the other POSIX locking checks by calling locks_same_owner()).

It is wrong for locks_remove_posix() to be deleting locks that don't
belong to this pid... Note: this bug exists in 2.6.x too, although
there it does not cause an Oops...

Cheers,
Trond

--- linux-2.4.23-rc1/fs/locks.c.orig 2003-11-16 19:30:53.000000000 -0500
+++ linux-2.4.23-rc1/fs/locks.c 2003-11-25 19:34:02.000000000 -0500
@@ -1746,7 +1746,8 @@
lock_kernel();
before = &inode->i_flock;
while ((fl = *before) != NULL) {
- if ((fl->fl_flags & FL_POSIX) && fl->fl_owner == owner) {
+ if ((fl->fl_flags & FL_POSIX) && fl->fl_owner == owner &&
+ fl->fl_pid == current->pid) {
locks_unlock_delete(before);
before = &inode->i_flock;
continue;
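Review bot: the added condition `fl->fl_pid == current->pid` open-codes the ownership test, while the message itself says every other POSIX lock check goes through locks_same_owner(); calling that helper on the new line instead of comparing fl_owner and fl_pid by hand would keep the removal path from drifting from the other checks. Also, the hunk is cut off after `continue;`, so the fall-through advance of `before` and the end of the loop are not visible here and could not be reviewed.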
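A constructed C model of the loop in the hunk, added here and not Trond's or the kernel's code, showing what the extra fl_pid test changes: when two tasks share one files struct (one fl_owner, as CLONE_FILES threads do in 2.4), the unpatched loop also drops the lock the other task still holds. The struct fields are simplified from fs/locks.c and the shared-owner scenario is an assumption of the example.

```c
#include <stdlib.h>
#define FL_POSIX 1
/* Constructed, simplified stand-in for the kernel's struct file_lock. */
struct file_lock {
    struct file_lock *fl_next;
    unsigned int fl_flags;
    void *fl_owner; /* 2.4 POSIX locks: the files struct, shared by CLONE_FILES threads */
    int fl_pid;     /* the task that actually took the lock */
};
struct inode { struct file_lock *i_flock; };

static void locks_unlock_delete(struct file_lock **before)
{ struct file_lock *fl = *before; *before = fl->fl_next; free(fl); }

/* check_pid == 0 is the unpatched loop; check_pid == 1 adds the fl_pid test from the hunk. */
static void locks_remove_posix(struct inode *inode, void *owner, int cur_pid, int check_pid)
{
    struct file_lock **before = &inode->i_flock, *fl;
    while ((fl = *before) != NULL) {
        if ((fl->fl_flags & FL_POSIX) && fl->fl_owner == owner &&
            (!check_pid || fl->fl_pid == cur_pid)) {
            locks_unlock_delete(before);
            before = &inode->i_flock;
            continue;
        }
        before = &fl->fl_next;
    }
}

static void add_lock(struct inode *inode, void *owner, int pid)
{
    struct file_lock *fl = calloc(1, sizeof *fl);
    fl->fl_flags = FL_POSIX; fl->fl_owner = owner; fl->fl_pid = pid;
    fl->fl_next = inode->i_flock; inode->i_flock = fl;
}

/* Tasks 100 and 101 share one files struct and each hold a POSIX lock on the same
 * inode; task 100 closes its file. Returns how many locks survive. */
static int locks_left_after_close(int check_pid)
{
    struct inode inode = { NULL };
    int shared_files; /* its address stands in for the shared files struct */
    add_lock(&inode, &shared_files, 100);
    add_lock(&inode, &shared_files, 101);
    locks_remove_posix(&inode, &shared_files, 100, check_pid);
    int n = 0; for (struct file_lock *fl = inode.i_flock; fl; fl = fl->fl_next) n++;
    while (inode.i_flock) locks_unlock_delete(&inode.i_flock);
    return n; /* 1 with the pid check; 0 without, task 101 silently lost its lock */
}
```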