Bug #7671

fs_frlock() should remove installed callback

Added by Marcel Telka over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
filesystems (not ZFS)
Start date:
2016-12-16
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

In some cases fs_frlock() installs a new serialize_callback using flk_add_callback(), but does not remove it from the flk_cbp list. The serialize_callback is allocated on the stack and becomes invalid once fs_frlock() returns. This is usually not a problem, since the flk_cbp list is usually empty (it is NULL). But there are some cases where fs_frlock() callers install their own callbacks, as in nlm_block() or smb_vop_frlock(). Once fs_frlock() returns to such a caller, the caller might be left with a corrupted callbacks list. If such a caller calls fs_frlock() again, bad things might happen. Fortunately, none of the fs_frlock() callers with their own callbacks make repeated fs_frlock() calls (or do anything else dangerous), so we are safe now, but the situation might change at any time unnoticed.
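The following C program is an added illustration of the pattern the report describes; it is not illumos code and none of its names (cb_t, cb_add, cb_remove, cb_count_bounded, frame_slot, frlock_model_leaky, frlock_model_fixed, caller_list_intact) exist in the kernel. It models an intrusive callback list, a callee that links a stack-resident entry and returns without unlinking it, and the fixed callee that pairs every add with a remove. Because a real stack frame is gone after return and touching it is undefined behaviour, the callee's "stack" is modelled as a single static slot that every call reuses; that is enough to show how a caller with its own callback (the position nlm_block() or smb_vop_frlock() are in) ends up with a corrupted list on the second call, and what invariant a caller can check.

```c
/*
 * Added illustration (not illumos code): a callback list in the style the
 * report describes, with a callee that forgets to unlink its stack-resident
 * entry versus one that unlinks it before returning. All names are made up.
 */
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct cb {
	struct cb *next;
	int owner;		/* constructed tag: who installed this entry */
} cb_t;

/* Push at the head, like a typical intrusive singly linked list. */
static void cb_add(cb_t **head, cb_t *cb)
{
	cb->next = *head;
	*head = cb;
}

/* Unlink cb; returns false if it was not on the list. */
static bool cb_remove(cb_t **head, cb_t *cb)
{
	for (cb_t **pp = head; *pp != NULL; pp = &(*pp)->next) {
		if (*pp == cb) {
			*pp = cb->next;
			cb->next = NULL;
			return true;
		}
	}
	return false;
}

/* Bounded walk: returns -1 instead of spinning when the list is cyclic. */
static int cb_count_bounded(const cb_t *head, int limit)
{
	int n = 0;
	for (; head != NULL; head = head->next) {
		if (++n > limit)
			return -1;
	}
	return n;
}

/*
 * Stand-in for the callee's stack frame. A real frame is simply gone after
 * return; modelling it as one slot that every call reuses keeps the program
 * free of undefined behaviour while still showing what a stale link does.
 */
static cb_t frame_slot;

/* Leaky callee: installs its entry and returns with it still linked. */
static void frlock_model_leaky(cb_t **head, int owner)
{
	cb_t *mine = &frame_slot;	/* plays "allocated on the stack" */
	mine->owner = owner;
	cb_add(head, mine);
	/* ... lock work would happen here ... */
	/* BUG: no cb_remove() before returning; *head now points at dead storage */
}

/* Fixed callee: the install is paired with a remove on the way out. */
static void frlock_model_fixed(cb_t **head, int owner)
{
	cb_t *mine = &frame_slot;
	mine->owner = owner;
	cb_add(head, mine);
	/* ... lock work would happen here ... */
	bool removed = cb_remove(head, mine);
	assert(removed);		/* the entry we pushed must still be ours to pop */
	(void)removed;
}

/*
 * Caller with its own callback: install one entry, make two calls, then
 * check the invariant a caller is entitled to, namely that the list looks
 * exactly as it did before the calls.
 */
static bool caller_list_intact(void (*frlock)(cb_t **, int))
{
	cb_t *head = NULL;
	cb_t own = { NULL, 1 };

	cb_add(&head, &own);
	frlock(&head, 100);
	frlock(&head, 200);	/* leaky case: the reused slot now links to itself */

	return head == &own && cb_count_bounded(head, 16) == 1;
}

int main(void)
{
	printf("fixed callee leaves caller's list intact: %s\n",
	    caller_list_intact(frlock_model_fixed) ? "yes" : "no");
	printf("leaky callee leaves caller's list intact: %s\n",
	    caller_list_intact(frlock_model_leaky) ? "yes" : "no");
	return 0;
}
```

The check at the end of caller_list_intact is the kind of assertion a defender would add around a call that is allowed to push temporary entries: head identity and a bounded length walk, so that a self-linked stale entry is reported rather than looped on forever.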

#1

Updated by Marcel Telka over 4 years ago

  • Status changed from In Progress to Pending RTI
#2

Updated by Electric Monk over 4 years ago

  • Status changed from Pending RTI to Closed
  • % Done changed from 0 to 100

git commit 668487358738f1513a74ebbb1b8cda03947984c1

commit  668487358738f1513a74ebbb1b8cda03947984c1
Author: Marcel Telka <marcel@telka.sk>
Date:   2016-12-20T15:51:23.000Z

    7671 fs_frlock() should remove installed callback
    Reviewed by: Robert Mustacchi <rm@joyent.com>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Approved by: Dan McDonald <danmcd@omniti.com>
