| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 03 Aug 2011 15:01:37 -0700
From: Greg KH <gregkh@...e.de>
To: linux-kernel@...r.kernel.org, stable@...nel.org
Cc: stable-review@...nel.org, torvalds@...ux-foundation.org,
akpm@...ux-foundation.org, alan@...rguk.ukuu.org.uk,
"J. Bruce Fields" <bfields@...hat.com>
Subject: [077/102] nfsd4: fix file leak on open_downgrade
3.0-stable review patch. If anyone has any objections, please let us know.
------------------
From: "J. Bruce Fields" <bfields@...hat.com>
commit f197c27196a5e7631b89e2e92daa096fcf7c302c upstream.
Stateid's hold a read reference for a read open, a write reference for a
write open, and an additional one of each for each read+write open. The
latter wasn't getting put on a downgrade, so something like:
open RW
open R
downgrade to R
was resulting in a file leak.
Also fix an imbalance in an error path.
Regression from 7d94784293096c0a46897acdb83be5abd9278ece "nfsd4: fix
downgrade/lock logic".
Signed-off-by: J. Bruce Fields <bfields@...hat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...e.de>
---
fs/nfsd/nfs4state.c | 31 ++++++++-----------------------
1 file changed, 8 insertions(+), 23 deletions(-)
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -2332,15 +2332,6 @@ out:
return ret;
}
-static inline void
-nfs4_file_downgrade(struct nfs4_file *fp, unsigned int share_access)
-{
- if (share_access & NFS4_SHARE_ACCESS_WRITE)
- nfs4_file_put_access(fp, O_WRONLY);
- if (share_access & NFS4_SHARE_ACCESS_READ)
- nfs4_file_put_access(fp, O_RDONLY);
-}
-
static void nfsd_break_one_deleg(struct nfs4_delegation *dp)
{
/* We're assuming the state code never drops its reference
@@ -2627,7 +2618,7 @@ nfs4_upgrade_open(struct svc_rqst *rqstp
status = nfsd4_truncate(rqstp, cur_fh, open);
if (status) {
if (new_access) {
- int oflag = nfs4_access_to_omode(new_access);
+ int oflag = nfs4_access_to_omode(op_share_access);
nfs4_file_put_access(fp, oflag);
}
return status;
@@ -3385,18 +3376,15 @@ out:
return status;
}
-
-/*
- * unset all bits in union bitmap (bmap) that
- * do not exist in share (from successful OPEN_DOWNGRADE)
- */
-static void
-reset_union_bmap_access(unsigned long access, unsigned long *bmap)
+static inline void nfs4_file_downgrade(struct nfs4_stateid *stp, unsigned int to_access)
{
int i;
+
for (i = 1; i < 4; i++) {
- if ((i & access) != i)
- __clear_bit(i, bmap);
+ if (test_bit(i, &stp->st_access_bmap) && !(i & to_access)) {
+ nfs4_file_put_access(stp->st_file, i);
+ __clear_bit(i, &stp->st_access_bmap);
+ }
}
}
@@ -3417,7 +3405,6 @@ nfsd4_open_downgrade(struct svc_rqst *rq
{
__be32 status;
struct nfs4_stateid *stp;
- unsigned int share_access;
dprintk("NFSD: nfsd4_open_downgrade on file %.*s\n",
(int)cstate->current_fh.fh_dentry->d_name.len,
@@ -3446,10 +3433,8 @@ nfsd4_open_downgrade(struct svc_rqst *rq
stp->st_deny_bmap, od->od_share_deny);
goto out;
}
- set_access(&share_access, stp->st_access_bmap);
- nfs4_file_downgrade(stp->st_file, share_access & ~od->od_share_access);
+ nfs4_file_downgrade(stp, od->od_share_access);
- reset_union_bmap_access(od->od_share_access, &stp->st_access_bmap);
reset_union_bmap_deny(od->od_share_deny, &stp->st_deny_bmap);
update_stateid(&stp->st_stateid);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists