2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2025-01-07 13:13:57 +08:00

NFS: Beware when dereferencing the delegation cred

When we look up the delegation cred, we are usually doing so in
conjunction with a read of the stateid, and we want to ensure
that the look up is atomic with that read.

Fixes: 57f188e047 ("NFSv4: nfs_update_inplace_delegation() should update delegation cred")
[sfr@canb.auug.org.au: Fixed up borken Fixes: line from Trond :-)]
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
This commit is contained in:
Trond Myklebust 2020-04-02 15:27:09 -04:00
parent f30a6ea0f3
commit fc51b1cf39
2 changed files with 11 additions and 1 deletions

View File

@ -1243,8 +1243,10 @@ restart_locked:
inode = nfs_delegation_grab_inode(delegation); inode = nfs_delegation_grab_inode(delegation);
if (inode == NULL) if (inode == NULL)
goto restart_locked; goto restart_locked;
spin_lock(&delegation->lock);
cred = get_cred_rcu(delegation->cred); cred = get_cred_rcu(delegation->cred);
nfs4_stateid_copy(&stateid, &delegation->stateid); nfs4_stateid_copy(&stateid, &delegation->stateid);
spin_unlock(&delegation->lock);
clear_bit(NFS_DELEGATION_TEST_EXPIRED, &delegation->flags); clear_bit(NFS_DELEGATION_TEST_EXPIRED, &delegation->flags);
rcu_read_unlock(); rcu_read_unlock();
nfs_delegation_test_free_expired(inode, &stateid, cred); nfs_delegation_test_free_expired(inode, &stateid, cred);
@ -1363,11 +1365,14 @@ bool nfs4_copy_delegation_stateid(struct inode *inode, fmode_t flags,
{ {
struct nfs_inode *nfsi = NFS_I(inode); struct nfs_inode *nfsi = NFS_I(inode);
struct nfs_delegation *delegation; struct nfs_delegation *delegation;
bool ret; bool ret = false;
flags &= FMODE_READ|FMODE_WRITE; flags &= FMODE_READ|FMODE_WRITE;
rcu_read_lock(); rcu_read_lock();
delegation = rcu_dereference(nfsi->delegation); delegation = rcu_dereference(nfsi->delegation);
if (!delegation)
goto out;
spin_lock(&delegation->lock);
ret = nfs4_is_valid_delegation(delegation, flags); ret = nfs4_is_valid_delegation(delegation, flags);
if (ret) { if (ret) {
nfs4_stateid_copy(dst, &delegation->stateid); nfs4_stateid_copy(dst, &delegation->stateid);
@ -1375,6 +1380,8 @@ bool nfs4_copy_delegation_stateid(struct inode *inode, fmode_t flags,
if (cred) if (cred)
*cred = get_cred(delegation->cred); *cred = get_cred(delegation->cred);
} }
spin_unlock(&delegation->lock);
out:
rcu_read_unlock(); rcu_read_unlock();
return ret; return ret;
} }

View File

@ -2790,16 +2790,19 @@ static int nfs41_check_delegation_stateid(struct nfs4_state *state)
return NFS_OK; return NFS_OK;
} }
spin_lock(&delegation->lock);
nfs4_stateid_copy(&stateid, &delegation->stateid); nfs4_stateid_copy(&stateid, &delegation->stateid);
if (!test_and_clear_bit(NFS_DELEGATION_TEST_EXPIRED, if (!test_and_clear_bit(NFS_DELEGATION_TEST_EXPIRED,
&delegation->flags)) { &delegation->flags)) {
spin_unlock(&delegation->lock);
rcu_read_unlock(); rcu_read_unlock();
return NFS_OK; return NFS_OK;
} }
if (delegation->cred) if (delegation->cred)
cred = get_cred(delegation->cred); cred = get_cred(delegation->cred);
spin_unlock(&delegation->lock);
rcu_read_unlock(); rcu_read_unlock();
status = nfs41_test_and_free_expired_stateid(server, &stateid, cred); status = nfs41_test_and_free_expired_stateid(server, &stateid, cred);
trace_nfs4_test_delegation_stateid(state, NULL, status); trace_nfs4_test_delegation_stateid(state, NULL, status);