linux/fs/nfsd
J. Bruce Fields 548ec0805c nfsd: fix use-after-free due to delegation race
A delegation break could arrive as soon as we've called vfs_setlease.  A
delegation break runs a callback which immediately (in
nfsd4_cb_recall_prepare) adds the delegation to del_recall_lru.  If we
then exit nfs4_set_delegation without hashing the delegation, it will be
freed as soon as the callback is done with it, without ever being
removed from del_recall_lru.

Symptoms show up later as use-after-free or list corruption warnings,
usually in the laundromat thread.

I suspect aba2072f45 "nfsd: grant read delegations to clients holding
writes" made this bug easier to hit, but I looked as far back as v3.0
and it looks to me it already had the same problem.  So I'm not sure
where the bug was introduced; it may have been there from the beginning.

Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2021-12-10 11:55:15 -05:00
acl.h nfsd: eliminate an unnecessary acl size limit 2019-08-28 21:13:45 -04:00
auth.c nfsd: auth: Fix gid sorting when rootsquash enabled 2018-01-22 20:13:07 -08:00
auth.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
blocklayout.c nfsd/blocklayout: use ->get_unique_id instead of sending SCSI commands 2021-10-22 08:33:57 -06:00
blocklayoutxdr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
blocklayoutxdr.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cache.h nfsd4: make drc_slab global, not per-net 2020-06-01 17:44:45 -04:00
current_stateid.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
export.c idmapped-mounts-v5.12 2021-02-23 13:39:45 -08:00
export.h nfsd: report per-export stats 2021-01-25 09:36:28 -05:00
fault_inject.c nfsd: no need to check return value of debugfs_create functions 2019-07-03 16:57:17 +02:00
filecache.c fsnotify: Protect fsnotify_handle_inode_event from no-inode events 2021-10-27 12:34:12 +02:00
filecache.h nfsd: convert file cache to use over/underflow safe refcount 2020-02-06 11:22:55 -05:00
flexfilelayout.c NFSD: simplify struct nfsfh 2021-10-02 15:51:10 -04:00
flexfilelayoutxdr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
flexfilelayoutxdr.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
idmap.h
Kconfig nfsd/blocklayout: use ->get_unique_id instead of sending SCSI commands 2021-10-22 08:33:57 -06:00
lockd.c NFSD: simplify struct nfsfh 2021-10-02 15:51:10 -04:00
Makefile nfsd: remove fault injection code 2020-09-25 18:01:26 -04:00
netns.h NFSD: delay unmount source's export after inter-server copy completed. 2021-05-25 17:06:51 -04:00
nfs2acl.c SUNRPC: Change return value type of .pc_encode 2021-10-13 11:34:49 -04:00
nfs3acl.c SUNRPC: Change return value type of .pc_encode 2021-10-13 11:34:49 -04:00
nfs3proc.c NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() 2021-10-02 16:10:01 -04:00
nfs3xdr.c SUNRPC: Change return value type of .pc_encode 2021-10-13 11:34:49 -04:00
nfs4acl.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
nfs4callback.c NFSD: simplify struct nfsfh 2021-10-02 15:51:10 -04:00
nfs4idmap.c nfsd: Use seq_putc() in two functions 2020-07-13 17:28:46 -04:00
nfs4layouts.c nfsd/blocklayout: use ->get_unique_id instead of sending SCSI commands 2021-10-22 08:33:57 -06:00
nfs4proc.c NFSD: Save location of NFSv4 COMPOUND status 2021-10-13 11:34:49 -04:00
nfs4recover.c nfsd: Fix nsfd startup race (again) 2021-12-10 11:54:59 -05:00
nfs4state.c nfsd: fix use-after-free due to delegation race 2021-12-10 11:55:15 -05:00
nfs4xdr.c This is just one bugfix for a bufferflow in knfsd's xdr decoding. 2021-11-17 08:38:00 -08:00
nfscache.c NFSD: Optimize DRC bucket pruning 2021-09-21 18:21:34 -04:00
nfsctl.c nfsd: Fix nsfd startup race (again) 2021-12-10 11:54:59 -05:00
nfsd.h SUNRPC: Change return value type of .pc_encode 2021-10-13 11:34:49 -04:00
nfsfh.c NFSD: simplify struct nfsfh 2021-10-02 15:51:10 -04:00
nfsfh.h NFSD: simplify struct nfsfh 2021-10-02 15:51:10 -04:00
nfsproc.c NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() 2021-10-02 16:10:01 -04:00
nfssvc.c NFSD:fix boolreturn.cocci warning 2021-10-19 10:36:48 -04:00
nfsxdr.c SUNRPC: Change return value type of .pc_encode 2021-10-13 11:34:49 -04:00
pnfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
state.h nfsd: track filehandle aliasing in nfs4_files 2021-04-19 16:41:36 -04:00
stats.c nfsd: protect concurrent access to nfsd stats counters 2021-01-25 09:36:27 -05:00
stats.h nfsd: report per-export stats 2021-01-25 09:36:28 -05:00
trace.c NFSD: Add SPDX header for fs/nfsd/trace.c 2020-11-30 13:00:24 -05:00
trace.h NFS: Move NFS protocol display macros to global header 2021-11-02 12:31:23 -04:00
vfs.c nfsd4: remove obselete comment 2021-11-01 17:17:14 -04:00
vfs.h NFSD: Update the NFSv3 ACCESS3res encoder to use struct xdr_stream 2021-03-22 10:18:52 -04:00
xdr3.h SUNRPC: Change return value type of .pc_encode 2021-10-13 11:34:49 -04:00
xdr4.h SUNRPC: Change return value type of .pc_encode 2021-10-13 11:34:49 -04:00
xdr4cb.h NFSD CB_OFFLOAD xdr 2018-09-25 20:34:54 -04:00
xdr.h SUNRPC: Change return value type of .pc_encode 2021-10-13 11:34:49 -04:00