lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'for-2.6.37' of git://linux-nfs.org/~bfields/linux

Browse Source 
* 'for-2.6.37' of git://linux-nfs.org/~bfields/linux:
  nfsd: Fix possible BUG_ON firing in set_change_info
  sunrpc: prevent use-after-free on clearing XPT_BUSY
This commit is contained in:
Linus Torvalds
2010-12-14 11:09:05 -08:00
parent e13cf63f2b c1ac3ffcd0
commit 5111711d3e
3 changed files with 22 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
fs/nfsd/nfs3xdr.c
View File

@@ -260,9 +260,11 @@ void fill_post_wcc(struct svc_fh *fhp)
err = vfs_getattr(fhp->fh_export->ex_path.mnt, fhp->fh_dentry, err = vfs_getattr(fhp->fh_export->ex_path.mnt, fhp->fh_dentry,
&fhp->fh_post_attr); &fhp->fh_post_attr);
fhp->fh_post_change = fhp->fh_dentry->d_inode->i_version; fhp->fh_post_change = fhp->fh_dentry->d_inode->i_version;
if (err) if (err) {
fhp->fh_post_saved = 0; fhp->fh_post_saved = 0;
else /* Grab the ctime anyway - set_change_info might use it */
fhp->fh_post_attr.ctime = fhp->fh_dentry->d_inode->i_ctime;
} else
fhp->fh_post_saved = 1; fhp->fh_post_saved = 1;
} }

21
fs/nfsd/xdr4.h
View File

@@ -484,18 +484,17 @@ static inline bool nfsd4_not_cached(struct nfsd4_compoundres *resp)
static inline void static inline void
set_change_info(struct nfsd4_change_info *cinfo, struct svc_fh *fhp) set_change_info(struct nfsd4_change_info *cinfo, struct svc_fh *fhp)
{ {
BUG_ON(!fhp->fh_pre_saved || !fhp->fh_post_saved); BUG_ON(!fhp->fh_pre_saved);
cinfo->atomic = 1; cinfo->atomic = fhp->fh_post_saved;
cinfo->change_supported = IS_I_VERSION(fhp->fh_dentry->d_inode); cinfo->change_supported = IS_I_VERSION(fhp->fh_dentry->d_inode);
if (cinfo->change_supported) {
cinfo->before_change = fhp->fh_pre_change; cinfo->before_change = fhp->fh_pre_change;
cinfo->after_change = fhp->fh_post_change; cinfo->after_change = fhp->fh_post_change;
} else { cinfo->before_ctime_sec = fhp->fh_pre_ctime.tv_sec;
cinfo->before_ctime_sec = fhp->fh_pre_ctime.tv_sec; cinfo->before_ctime_nsec = fhp->fh_pre_ctime.tv_nsec;
cinfo->before_ctime_nsec = fhp->fh_pre_ctime.tv_nsec; cinfo->after_ctime_sec = fhp->fh_post_attr.ctime.tv_sec;
cinfo->after_ctime_sec = fhp->fh_post_attr.ctime.tv_sec; cinfo->after_ctime_nsec = fhp->fh_post_attr.ctime.tv_nsec;
cinfo->after_ctime_nsec = fhp->fh_post_attr.ctime.tv_nsec;
}
} }
int nfs4svc_encode_voidres(struct svc_rqst *, __be32 *, void *); int nfs4svc_encode_voidres(struct svc_rqst *, __be32 *, void *);

9
net/sunrpc/svc_xprt.c
View File

@@ -212,6 +212,7 @@ int svc_create_xprt(struct svc_serv *serv, const char *xprt_name,
spin_lock(&svc_xprt_class_lock); spin_lock(&svc_xprt_class_lock);
list_for_each_entry(xcl, &svc_xprt_class_list, xcl_list) { list_for_each_entry(xcl, &svc_xprt_class_list, xcl_list) {
struct svc_xprt *newxprt; struct svc_xprt *newxprt;
unsigned short newport;
if (strcmp(xprt_name, xcl->xcl_name)) if (strcmp(xprt_name, xcl->xcl_name))
continue; continue;
@@ -230,8 +231,9 @@ int svc_create_xprt(struct svc_serv *serv, const char *xprt_name,
spin_lock_bh(&serv->sv_lock); spin_lock_bh(&serv->sv_lock);
list_add(&newxprt->xpt_list, &serv->sv_permsocks); list_add(&newxprt->xpt_list, &serv->sv_permsocks);
spin_unlock_bh(&serv->sv_lock); spin_unlock_bh(&serv->sv_lock);
newport = svc_xprt_local_port(newxprt);
clear_bit(XPT_BUSY, &newxprt->xpt_flags); clear_bit(XPT_BUSY, &newxprt->xpt_flags);
return svc_xprt_local_port(newxprt); return newport;
} }
err: err:
spin_unlock(&svc_xprt_class_lock); spin_unlock(&svc_xprt_class_lock);
@@ -425,8 +427,13 @@ void svc_xprt_received(struct svc_xprt *xprt)
{ {
BUG_ON(!test_bit(XPT_BUSY, &xprt->xpt_flags)); BUG_ON(!test_bit(XPT_BUSY, &xprt->xpt_flags));
xprt->xpt_pool = NULL; xprt->xpt_pool = NULL;
/* As soon as we clear busy, the xprt could be closed and
* 'put', so we need a reference to call svc_xprt_enqueue with:
*/
svc_xprt_get(xprt);
clear_bit(XPT_BUSY, &xprt->xpt_flags); clear_bit(XPT_BUSY, &xprt->xpt_flags);
svc_xprt_enqueue(xprt); svc_xprt_enqueue(xprt);
svc_xprt_put(xprt);
} }
EXPORT_SYMBOL_GPL(svc_xprt_received); EXPORT_SYMBOL_GPL(svc_xprt_received);