locks,lockd: fix race in nlmsvc_testlock posix_test_lock() returns a pointer to a struct file_lock which is unprotected and can be removed while in use by the caller. Move the conflicting lock from the return to a parameter, and copy the conflicting lock. In most cases the caller ends up putting the copy of the conflicting lock on the stack. On i386, sizeof(struct file_lock) appears to be about 100 bytes. We're assuming that's reasonable. Signed-off-by: Andy Adamson <andros@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

commit: 8dc7c3115b611c00006eac3ee5b108296432aab7 [log] [tgz]
author: Andy Adamson <andros@citi.umich.edu> Mon Mar 20 13:44:26 2006 -0500
committer: Trond Myklebust <Trond.Myklebust@netapp.com> Mon Mar 20 13:44:26 2006 -0500
tree: be44c59907cbdcb6fdf46d0ad9cc140af757acfc
parent: 2e0af86f618c697b44e2d67dff151256c58201c4 [diff] [blame]
diff --git a/fs/nfs/file.c b/fs/nfs/file.c
index 1cf07e4..ee140c5 100644
--- a/fs/nfs/file.c
+++ b/fs/nfs/file.c

@@ -392,15 +392,14 @@
 
 static int do_getlk(struct file *filp, int cmd, struct file_lock *fl)
 {
-	struct file_lock *cfl;
+	struct file_lock cfl;
 	struct inode *inode = filp->f_mapping->host;
 	int status = 0;
 
 	lock_kernel();
 	/* Try local locking first */
-	cfl = posix_test_lock(filp, fl);
-	if (cfl != NULL) {
-		locks_copy_lock(fl, cfl);
+	if (posix_test_lock(filp, fl, &cfl)) {
+		locks_copy_lock(fl, &cfl);
 		goto out;
 	}
commit	8dc7c3115b611c00006eac3ee5b108296432aab7	[log] [tgz]
author	Andy Adamson <andros@citi.umich.edu>	Mon Mar 20 13:44:26 2006 -0500
committer	Trond Myklebust <Trond.Myklebust@netapp.com>	Mon Mar 20 13:44:26 2006 -0500
tree	be44c59907cbdcb6fdf46d0ad9cc140af757acfc
parent	2e0af86f618c697b44e2d67dff151256c58201c4 [diff] [blame]