iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/fs
History
Trond Myklebust a6f951ddbd NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk() 
In nfs4_proc_getlk(), when some error causes a retry of the call to
_nfs4_proc_getlk(), we can end up with Oopses of the form

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000134
 IP: [<ffffffff8165270e>] _raw_spin_lock+0xe/0x30
<snip>
 Call Trace:
  [<ffffffff812f287d>] _atomic_dec_and_lock+0x4d/0x70
  [<ffffffffa053c4f2>] nfs4_put_lock_state+0x32/0xb0 [nfsv4]
  [<ffffffffa053c585>] nfs4_fl_release_lock+0x15/0x20 [nfsv4]
  [<ffffffffa0522c06>] _nfs4_proc_getlk.isra.40+0x146/0x170 [nfsv4]
  [<ffffffffa052ad99>] nfs4_proc_lock+0x399/0x5a0 [nfsv4]

The problem is that we don't clear the request->fl_ops after the first
try and so when we retry, nfs4_set_lock_state() exits early without
setting the lock stateid.
Regression introduced by commit 70cc6487a4e08b8698c0e2ec935fb48d10490162
(locks: make ->lock release private data before returning in GETLK case)

Reported-by: Weston Andros Adamson <dros@netapp.com>
Reported-by: Jorge Mora <mora@netapp.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: <stable@vger.kernel.org> #2.6.22+
2013-10-01 18:21:28 -04:00
..
9p
9p: don't forget to destroy inode cache if fscache registration fails
2013-09-17 22:31:01 -04:00
adfs
truncate: drop 'oldsize' truncate_pagecache() parameter
2013-09-12 15:38:02 -07:00
affs
truncate: drop 'oldsize' truncate_pagecache() parameter
2013-09-12 15:38:02 -07:00
afs
afs: dget_parent() can't return a negative dentry
2013-09-29 22:02:24 -04:00
autofs4
autofs4: close the races around autofs4_notify_daemon()
2013-09-16 19:16:38 -04:00
befs
[readdir] convert befs
2013-06-29 12:56:55 +04:00
bfs
truncate: drop 'oldsize' truncate_pagecache() parameter
2013-09-12 15:38:02 -07:00
btrfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs
2013-09-22 14:58:49 -07:00
cachefiles
CacheFiles: Don't try to dump the index key if the cookie has been cleared
2013-09-20 15:15:43 -07:00
ceph
ceph: use d_invalidate() to invalidate aliases
2013-09-06 12:55:29 -07:00
cifs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-09-18 19:22:22 -05:00
coda
helper for reading ->d_count
2013-07-05 18:59:33 +04:00
configfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-07-14 11:42:26 -07:00
cramfs
[readdir] convert f2fs
2013-06-29 12:56:46 +04:00
debugfs
debugfs: debugfs_remove_recursive() must not rely on list_empty(d_subdirs)
2013-07-31 12:16:31 -04:00
devpts
fs: Limit sys_mount to only request filesystem modules (Part 2).
2013-03-07 01:08:55 -08:00
dlm
dlm: remove signal blocking
2013-08-12 15:22:43 -05:00
ecryptfs
ecryptfs: avoid ctx initialization race
2013-09-06 16:58:18 -07:00
efivarfs
efivarfs: we can use simple_lookup() now
2013-07-14 17:48:35 +04:00
efs
efs: iget_locked() doesn't return an ERR_PTR()
2013-08-24 12:10:22 -04:00
exofs
truncate: drop 'oldsize' truncate_pagecache() parameter
2013-09-12 15:38:02 -07:00
exportfs
exportfs: don't assume that ->iterate() won't feed us too long entries
2013-09-07 19:54:55 -04:00
ext2
truncate: drop 'oldsize' truncate_pagecache() parameter
2013-09-12 15:38:02 -07:00
ext3
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2013-09-06 09:06:02 -07:00
ext4
Merge branch 'akpm' (patches from Andrew Morton)
2013-09-12 15:44:27 -07:00
f2fs
f2fs: optimize gc for better performance
2013-09-05 13:50:32 +09:00
fat
truncate: drop 'oldsize' truncate_pagecache() parameter
2013-09-12 15:38:02 -07:00
freevxfs
[readdir] convert freevxfs
2013-06-29 12:56:53 +04:00
fscache
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
2013-09-19 12:50:37 -05:00
fuse
truncate: drop 'oldsize' truncate_pagecache() parameter
2013-09-12 15:38:02 -07:00
gfs2
gfs2: set FILE_CREATED
2013-09-16 19:17:24 -04:00
hfs
truncate: drop 'oldsize' truncate_pagecache() parameter
2013-09-12 15:38:02 -07:00
hfsplus
truncate: drop 'oldsize' truncate_pagecache() parameter
2013-09-12 15:38:02 -07:00
hostfs
um: hostfs: Fix writeback
2013-09-07 10:38:29 +02:00
hpfs
truncate: drop 'oldsize' truncate_pagecache() parameter
2013-09-12 15:38:02 -07:00
hppfs
clean up scary strncpy(dst, src, strlen(src)) uses
2013-07-03 16:07:41 -07:00
hugetlbfs
cope with potentially long ->d_dname() output for shmem/hugetlb
2013-08-24 12:10:17 -04:00
isofs
isofs: Refuse RW mount of the filesystem instead of making it RO
2013-07-31 22:14:50 +02:00
jbd
jbd: use a single printk for jbd_debug()
2013-08-09 10:49:00 +02:00
jbd2
jbd2: Fix endian mixing problems in the checksumming code
2013-08-28 14:59:58 -04:00
jffs2
[readdir] convert jffs2
2013-06-29 12:56:47 +04:00
jfs
truncate: drop 'oldsize' truncate_pagecache() parameter
2013-09-12 15:38:02 -07:00
lockd
LOCKD: Don't call utsname()->nodename from nlmclnt_setlockargs
2013-08-05 15:03:46 -04:00
logfs
Lots of bug fixes, cleanups and optimizations. In the bug fixes
2013-07-02 09:39:34 -07:00
minix
truncate: drop 'oldsize' truncate_pagecache() parameter
2013-09-12 15:38:02 -07:00
ncpfs
ncpfs: fix error return code in ncp_parse_options()
2013-07-09 10:33:25 -07:00
nfs
NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk()
2013-10-01 18:21:28 -04:00
nfs_common
nfs_common: Update the translation between nfsv3 acls linux posix acls
2013-02-13 06:15:14 -08:00
nfsd
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-09-12 15:01:38 -07:00
nilfs2
nilfs2: fix issue with race condition of competition between segments for dirty blocks
2013-09-30 14:31:02 -07:00
nls
notify
fsnotify: update comments concerning locking scheme
2013-07-09 10:33:20 -07:00
ntfs
truncate: drop 'oldsize' truncate_pagecache() parameter
2013-09-12 15:38:02 -07:00
ocfs2
ocfs2: needs ->d_lock to poke in ->d_parent->d_inode from ->d_revalidate()
2013-09-29 22:02:20 -04:00
omfs
truncate: drop 'oldsize' truncate_pagecache() parameter
2013-09-12 15:38:02 -07:00
openpromfs
[readdir] convert openpromfs
2013-06-29 12:56:32 +04:00
proc
thp: account anon transparent huge pages into NR_ANON_PAGES
2013-09-12 15:38:03 -07:00
pstore
pstore: Remove the messages related to compression failure
2013-09-16 09:28:29 -07:00
qnx4
[readdir] convert qnx4
2013-06-29 12:56:38 +04:00
qnx6
[readdir] convert qnx6
2013-06-29 12:56:39 +04:00
quota
fs: convert fs shrinkers to new scan/count API
2013-09-10 18:56:31 -04:00
ramfs
initmpfs: move rootfs code from fs/ramfs/ to init/
2013-09-11 15:59:37 -07:00
reiserfs
reiserfs: fix race with flush_used_journal_lists and flush_journal_list
2013-09-24 11:24:21 +02:00
romfs
[readdir] convert romfs
2013-06-29 12:56:29 +04:00
squashfs
Squashfs: add corruption check for type in squashfs_readdir()
2013-09-06 04:57:54 +01:00
sysfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-09-07 14:36:57 -07:00
sysv
sysv: Add forgotten superblock lock init for v7 fs
2013-09-29 22:02:02 -04:00
ubifs
Just one patch which fixes the power-cut recovery testing mode.
2013-09-16 15:36:55 -04:00
udf
udf: Fortify LVID loading
2013-09-24 11:23:33 +02:00
ufs
truncate: drop 'oldsize' truncate_pagecache() parameter
2013-09-12 15:38:02 -07:00
xfs
xfs: fix node forward in xfs_node_toosmall
2013-09-26 10:38:17 -05:00
aio.c
aio: rcu_read_lock protection for new rcu_dereference calls
2013-09-09 12:29:35 -04:00
anon_inodes.c
fs/anon_inode: Introduce a new lib function anon_inode_getfile_private()
2013-07-16 09:32:17 -04:00
attr.c
bad_inode.c
[readdir] ->readdir() is gone
2013-06-29 12:57:04 +04:00
binfmt_aout.c
mm: remove free_area_cache
2013-07-10 18:11:34 -07:00
binfmt_elf_fdpic.c
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc
2013-05-02 10:16:16 -07:00
binfmt_elf.c
fs/binfmt_elf.c: prevent a coredump with a large vm_map_count from Oopsing
2013-09-30 14:31:01 -07:00
binfmt_em86.c
binfmt_flat.c
new helper: read_code()
2013-04-29 15:40:23 -04:00
binfmt_misc.c
binfmt_misc: reuse string_unescape_inplace()
2013-04-30 17:04:03 -07:00
binfmt_script.c
binfmt_som.c
bio-integrity.c
Merge branch 'for-3.12/core' of git://git.kernel.dk/linux-block
2013-09-22 15:00:11 -07:00
bio.c
block: Fix bio_copy_data()
2013-09-24 14:41:42 -07:00
block_dev.c
a trivial writeback fix
2013-09-13 23:06:40 -04:00
buffer.c
mm: vmscan: take page buffers dirty and locked state into account
2013-07-03 16:07:29 -07:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c
compat.c: LOOP_CLR_FD is taken care of in loop.c itself...
2013-06-29 12:46:44 +04:00
compat.c
[readdir] constify ->actor
2013-06-29 12:57:05 +04:00
coredump.c
coredump: add new %P variable in core_pattern
2013-09-11 15:59:01 -07:00
coredump.h
dcache.c
vfs: fix typo in comment in recent dentry work
2013-09-15 07:11:01 -04:00
dcookies.c
consolidate compat lookup_dcookie()
2013-03-03 23:00:23 -05:00
direct-io.c
direct-io: Use return from cmpxchg to decide of assignment happened
2013-09-09 10:47:42 -07:00
drop_caches.c
shrinker: add node awareness
2013-09-10 18:56:31 -04:00
eventfd.c
eventpoll.c
epoll: add a reschedule point in ep_free()
2013-09-11 15:58:50 -07:00
exec.c
exec: cleanup the error handling in search_binary_handler()
2013-09-11 15:59:09 -07:00
fcntl.c
vfs: add missing check for __O_TMPFILE in fcntl_init()
2013-08-05 18:25:32 +04:00
fhandle.c
file_table.c
fs/file_table.c:fput(): make comment more truthful
2013-09-11 15:59:01 -07:00
file.c
don't bother with deferred freeing of fdtables
2013-05-01 17:31:42 -04:00
filesystems.c
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
fs_struct.c
constify path_get/path_put and fs_struct.c stuff
2013-03-01 23:51:07 -05:00
fs-writeback.c
a trivial writeback fix
2013-09-13 23:06:40 -04:00
generic_acl.c
inode.c
fs: convert inode and dentry shrinking to be node aware
2013-09-10 18:56:31 -04:00
internal.h
fs: convert inode and dentry shrinking to be node aware
2013-09-10 18:56:31 -04:00
ioctl.c
new helper: file_inode(file)
2013-02-22 23:31:31 -05:00
ioprio.c
Kconfig
efivarfs: Move to fs/efivarfs
2013-04-17 13:25:09 +01:00
Kconfig.binfmt
fs: make binfmt support for #! scripts modular and removable
2013-04-30 17:04:04 -07:00
libfs.c
make simple_lookup() usable for filesystems that set ->s_d_op
2013-07-14 17:43:25 +04:00
locks.c
locks: move file_lock_list to a set of percpu hlist_heads and convert file_lock_lock to an lglock
2013-07-08 13:36:42 +04:00
Makefile
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
mbcache.c
fs: convert fs shrinkers to new scan/count API
2013-09-10 18:56:31 -04:00
mount.h
get rid of full-hash scan on detaching vfsmounts
2013-04-09 14:12:52 -04:00
mpage.c
namei.c
atomic_open: take care of EEXIST in no-open case with O_CREAT|O_EXCL in fs/namei.c
2013-09-17 17:08:50 -04:00
namespace.c
initmpfs: move rootfs code from fs/ramfs/ to init/
2013-09-11 15:59:37 -07:00
no-block.c
open.c
vfs: improve i_op->atomic_open() documentation
2013-09-16 19:17:24 -04:00
pipe.c
aio: don't include aio.h in sched.h
2013-05-07 20:16:25 -07:00
pnode.c
vfs: Fix invalid ida_remove() call
2013-05-31 15:16:33 -04:00
pnode.h
vfs: Don't copy mount bind mounts of /proc/<pid>/ns/mnt between namespaces
2013-08-26 18:42:15 -07:00
posix_acl.c
proc_namespace.c
read_write.c
aio: Kill aio_rw_vect_retry()
2013-07-30 11:53:12 -04:00
readdir.c
[readdir] constify ->actor
2013-06-29 12:57:05 +04:00
select.c
net: rename include/net/ll_poll.h to include/net/busy_poll.h
2013-07-10 17:08:27 -07:00
seq_file.c
seq_file: add seq_list_*_percpu helpers
2013-07-08 13:36:41 +04:00
signalfd.c
switch signalfd{,4}() to COMPAT_SYSCALL_DEFINE
2013-03-03 22:58:46 -05:00
splice.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-07-03 09:10:19 -07:00
stack.c
stat.c
quota: provide interface for readding allocated space into reserved space
2013-08-17 09:32:32 -04:00
statfs.c
super.c
super: fix for destroy lrus
2013-09-10 18:56:32 -04:00
sync.c
teach SYSCALL_DEFINE<n> how to deal with long long/unsigned long long
2013-03-03 22:46:22 -05:00
timerfd.c
timerfd: Add alarm timers
2013-05-29 12:57:34 -07:00
utimes.c
xattr_acl.c
xattr.c