public inbox for linux-kernel@vger.kernel.org
From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org,
	Andrew Morton <akpm@linux-foundation.org>
Cc: Justin Forbes <jmforbes@linuxtx.org>,
	Zwane Mwaikambo <zwane@arm.linux.org.uk>,
	"Theodore Ts'o" <tytso@mit.edu>,
	Randy Dunlap <rdunlap@xenotime.net>,
	Dave Jones <davej@redhat.com>,
	Chuck Wolber <chuckw@quantumlinux.com>,
	Chris Wedgwood <reviews@ml.cw.f00f.org>,
	Michael Krufky <mkrufky@linuxtv.org>,
	Chuck Ebbert <cebbert@redhat.com>,
	torvalds@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
	Gabriel Barazer <gabriel@oxeva.fr>,
	nfs@lists.sourceforge.net, Greg Banks <gnb@melbourne.sgi.com>,
	Neil Brown <neilb@suse.de>
Subject: [patch 01/33] knfsd: Use a spinlock to protect sk_info_authunix
Date: Thu, 26 Apr 2007 09:54:58 -0700
Message-ID: <20070426165458.GB1898@kroah.com>
In-Reply-To: <20070426165445.GA1898@kroah.com>

[-- Attachment #1: knfsd-use-a-spinlock-to-protect-sk_info_authunix.patch --]
[-- Type: text/plain, Size: 2146 bytes --]

-stable review patch.  If anyone has any objections, please let us know.

------------------
From: NeilBrown <neilb@suse.de>

sk_info_authunix is not being protected properly so the object that
it points to can be cache_put twice, leading to corruption.

We borrow svsk->sk_defer_lock to provide the protection.  We should probably
rename that lock to have a more generic name - later.

Thanks to Gabriel for reporting this.

Cc: Greg Banks <gnb@melbourne.sgi.com>
Cc: Gabriel Barazer <gabriel@oxeva.fr>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 net/sunrpc/svcauth_unix.c |   21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

--- a/net/sunrpc/svcauth_unix.c
+++ b/net/sunrpc/svcauth_unix.c
@@ -383,7 +383,10 @@ void svcauth_unix_purge(void)
 static inline struct ip_map *
 ip_map_cached_get(struct svc_rqst *rqstp)
 {
-	struct ip_map *ipm = rqstp->rq_sock->sk_info_authunix;
+	struct ip_map *ipm;
+	struct svc_sock *svsk = rqstp->rq_sock;
+	spin_lock_bh(&svsk->sk_defer_lock);
+	ipm = svsk->sk_info_authunix;
 	if (ipm != NULL) {
 		if (!cache_valid(&ipm->h)) {
 			/*
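Review bot: Nothing in ip_map_cached_get() records that sk_defer_lock now also guards sk_info_authunix. The changelog says the lock is borrowed, but a reader of the code sees a lock whose name refers to deferral taken around an unrelated pointer. A one-line comment above spin_lock_bh(&svsk->sk_defer_lock) would cover this until the rename happens. A blank line between the svsk declaration and the spin_lock_bh() call would also keep declarations and statements separated.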
@@ -391,12 +394,14 @@ ip_map_cached_get(struct svc_rqst *rqstp
 			 * remembered, e.g. by a second mount from the
 			 * same IP address.
 			 */
-			rqstp->rq_sock->sk_info_authunix = NULL;
+			svsk->sk_info_authunix = NULL;
+			spin_unlock_bh(&svsk->sk_defer_lock);
 			cache_put(&ipm->h, &ip_map_cache);
 			return NULL;
 		}
 		cache_get(&ipm->h);
 	}
+	spin_unlock_bh(&svsk->sk_defer_lock);
 	return ipm;
 }
 
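Review bot: The stale-entry path carries its own spin_unlock_bh() before the return while the normal path unlocks at the bottom, so any branch added later between the two has to remember to unlock. The existing comment explains why the entry is stale but not why the order matters: the pointer is cleared under the lock and cache_put() runs only after the unlock, so a single caller drops the cached reference. Saying that in the comment would keep a later cleanup from moving the NULL store or the cache_put().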
@@ -405,9 +410,15 @@ ip_map_cached_put(struct svc_rqst *rqstp
 {
 	struct svc_sock *svsk = rqstp->rq_sock;
 
-	if (svsk->sk_sock->type == SOCK_STREAM && svsk->sk_info_authunix == NULL)
-		svsk->sk_info_authunix = ipm;	/* newly cached, keep the reference */
-	else
+	spin_lock_bh(&svsk->sk_defer_lock);
+	if (svsk->sk_sock->type == SOCK_STREAM &&
+	    svsk->sk_info_authunix == NULL) {
+		/* newly cached, keep the reference */
+		svsk->sk_info_authunix = ipm;
+		ipm = NULL;
+	}
+	spin_unlock_bh(&svsk->sk_defer_lock);
+	if (ipm)
 		cache_put(&ipm->h, &ip_map_cache);
 }
 
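Review bot: In ip_map_cached_put() the argument ipm is reused as a flag: `ipm = NULL` marks the reference as handed to the socket, and the trailing `if (ipm)` then skips cache_put(). That check also makes the function tolerate a NULL argument, which the old else branch did not, since it called cache_put(&ipm->h, &ip_map_cache) without a test. If that is not intended, a separate local flag would keep the two meanings apart; either way the comment could say that the put below is skipped. The changelog names only sk_info_authunix as needing protection, so the sk_sock->type test could be evaluated before spin_lock_bh().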

-- 
