From patchwork Mon Mar 23 15:36:14 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "J. Bruce Fields" X-Patchwork-Id: 6073941 Return-Path: X-Original-To: patchwork-linux-nfs@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 78ECE9F399 for ; Mon, 23 Mar 2015 15:36:24 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 9DC51201FA for ; Mon, 23 Mar 2015 15:36:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 6E2A1201C8 for ; Mon, 23 Mar 2015 15:36:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752593AbbCWPgR (ORCPT ); Mon, 23 Mar 2015 11:36:17 -0400 Received: from fieldses.org ([173.255.197.46]:42824 "EHLO fieldses.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752573AbbCWPgP (ORCPT ); Mon, 23 Mar 2015 11:36:15 -0400 Received: by fieldses.org (Postfix, from userid 2815) id 59E353CE1; Mon, 23 Mar 2015 11:36:14 -0400 (EDT) Date: Mon, 23 Mar 2015 11:36:14 -0400 From: "J. Bruce Fields" To: Jeff Layton Cc: trond.myklebust@primarydata.com, hch@infradead.org, linux-nfs@vger.kernel.org Subject: Re: [PATCH 1/3] nfsd: return correct openowner when there is a race to put one in the hash Message-ID: <20150323153614.GB15183@fieldses.org> References: <1427122424-8078-1-git-send-email-jeff.layton@primarydata.com> <1427122424-8078-2-git-send-email-jeff.layton@primarydata.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1427122424-8078-2-git-send-email-jeff.layton@primarydata.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On Mon, Mar 23, 2015 at 10:53:42AM -0400, Jeff Layton wrote: > alloc_init_open_stateowner can return an already freed entry if there is > a race to put openowners in the hashtable. Looks like alloc_init_lock_stateowner has the same bug, so I'll apply something like this pending testing. I wonder if it's actually possible to hit this one? --b. commit bdff3084f09f Author: J. Bruce Fields Date: Mon Mar 23 11:02:30 2015 -0400 nfsd: return correct lockowner when there is a race on hash insert alloc_init_lock_stateowner can return an already freed entry if there is a race to put openowners in the hashtable. Noticed by inspection after Jeff Layton fixed the same bug for open owners. Depending on client behavior, this one may be trickier to trigger in practice. Fixes: c58c6610ec24 "nfsd: Protect adding/removing lock owners using client_lock" Cc: stable@vger.kernel.org> Cc: Trond Myklebust Cc: Jeff Layton Signed-off-by: J. Bruce Fields Acked-by: Jeff Layton --- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index d2f2c37dc2db..49ae6116992f 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -5062,7 +5062,7 @@ alloc_init_lock_stateowner(unsigned int strhashval, struct nfs4_client *clp, } else nfs4_free_lockowner(&lo->lo_owner); spin_unlock(&clp->cl_lock); - return lo; + return ret; } static void