Linux NFS development
* [PATCH] nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing
From: Al Viro @ 2025-09-16 16:22 UTC
  To: linux-nfs; +Cc: linux-fsdevel, Trond Myklebust

Theoretically it's an oopsable race, but I don't believe one can manage
to hit it on real hardware; might become doable on a KVM, but it still
won't be easy to attack.

Anyway, it's easy to deal with - since xdr_encode_hyper() is just a call of
put_unaligned_be64(), we can put that under ->d_lock and be done with that.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index ce61253efd45..eaa1416e0e32 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -391,7 +391,9 @@ static void nfs4_setup_readdir(u64 cookie, __be32 *verifier, struct dentry *dent
 	*p++ = htonl(attrs);                           /* bitmap */
 	*p++ = htonl(12);             /* attribute buffer length */
 	*p++ = htonl(NF4DIR);
+	spin_lock(&dentry->d_lock);
 	p = xdr_encode_hyper(p, NFS_FILEID(d_inode(dentry->d_parent)));
+	spin_unlock(&dentry->d_lock);
 
 	readdir->pgbase = (char *)p - (char *)start;
 	readdir->count -= readdir->pgbase;
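Review bot: the new spin_lock(&dentry->d_lock) / spin_unlock(&dentry->d_lock) pair around the xdr_encode_hyper() line has no comment saying what it protects, so a later reader cannot tell that the lock is there for the ->d_parent->d_inode dereference rather than for the XDR buffer. A one-line comment above the spin_lock() would make that explicit. The critical section is also only safe as long as xdr_encode_hyper() stays a plain put_unaligned_be64(), which the commit message relies on but the code does not show. Reading the value into a local under the lock, e.g. `fileid = NFS_FILEID(d_inode(dentry->d_parent));`, and calling `p = xdr_encode_hyper(p, fileid);` after the unlock would remove that dependency and keep the locked region to the dereference itself. Since the message calls this an oopsable race, consider whether a Fixes: tag or a stable Cc belongs in the trailer.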
