Bug #7671
fs_frlock() should remove installed callback
Description
In some cases fs_frlock() installs a new serialize_callback using flk_add_callback(), but does not remove it from the flk_cbp list. The serialize_callback is allocated on the stack and will become invalid once fs_frlock() returns. This is usually not a problem, since the flk_cbp list is usually empty (it is NULL). But there are some cases when the fs_frlock() callers install their own callbacks, like in nlm_block(), or in smb_vop_frlock(). Once fs_frlock() returns for such a caller, it might be left with a corrupted callbacks list. If such a caller calls fs_frlock() again, bad things might happen. Fortunately, all fs_frlock() callers with their own callbacks do not do repeated fs_frlock() calls (or anything else dangerous), so we are safe now, but the situation might change any time unnoticed.
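To make the list corruption concrete, here is an added example that is not illumos code and not part of the bug report. It is a user-space model of the circular, doubly-linked flk_callback_t list that flk_add_callback() links into; the simplified callback signature, the use of flk_del_callback() as the unlink primitive, and the names fs_frlock_model() and caller_leftover_entries() are assumptions made for the example. It shows that a caller with an empty (NULL) list is unaffected either way, while a caller that brings its own callback, as nlm_block() or smb_vop_frlock() does, is left with a pointer to a dead stack frame unless the callee unlinks its node before returning.

```c
/*
 * Added example, not illumos code.  Models flk_add_callback()'s circular
 * list and the stack-allocated serialize_callback in fs_frlock().
 * Assumption: the callback type is simplified to void (*)(void *).
 */
#include <stdbool.h>
#include <stdio.h>

typedef struct flk_callback {
	struct flk_callback *cb_next;	/* circular, doubly linked */
	struct flk_callback *cb_prev;
	void (*cb_callback)(void *);	/* simplified signature (assumption) */
	void *cb_data;
} flk_callback_t;

/* Link newcb at the tail of the list headed by cblist; NULL means empty. */
static void
flk_add_callback(flk_callback_t *newcb, void (*fn)(void *), void *data,
    flk_callback_t *cblist)
{
	newcb->cb_callback = fn;
	newcb->cb_data = data;
	if (cblist == NULL) {
		newcb->cb_next = newcb;
		newcb->cb_prev = newcb;
	} else {
		newcb->cb_next = cblist;
		newcb->cb_prev = cblist->cb_prev;
		cblist->cb_prev->cb_next = newcb;
		cblist->cb_prev = newcb;
	}
}

/* Unlink cb from its list: the step the buggy fs_frlock() omits. */
static void
flk_del_callback(flk_callback_t *cb)
{
	cb->cb_prev->cb_next = cb->cb_next;
	cb->cb_next->cb_prev = cb->cb_prev;
	cb->cb_next = cb->cb_prev = NULL;
}

/* Entries reachable from head (0 for NULL).  Only safe while every node
 * on the list is still alive. */
static int
flk_list_len(const flk_callback_t *head)
{
	const flk_callback_t *p = head;
	int n = 0;

	if (head == NULL)
		return (0);
	do {
		n++;
		p = p->cb_next;
	} while (p != head);
	return (n);
}

/* Invoke every callback on the list, as the lock code would. */
static void
flk_run_callbacks(flk_callback_t *head)
{
	flk_callback_t *p = head;

	if (head == NULL)
		return;
	do {
		p->cb_callback(p->cb_data);
		p = p->cb_next;
	} while (p != head);
}

static void
serialize_cb(void *arg)
{
	(void)arg;	/* stand-in for fs_frlock()'s serialize callback */
}

/*
 * Model of fs_frlock() (hypothetical name).  Installs a callback that lives
 * on this frame into the caller's list flk_cbp and returns how many entries
 * the caller's list holds at the moment of return.  remove == false is the
 * bug: the stack node is still linked when the frame dies.  remove == true
 * is the fix: the node is unlinked first, so the caller's list is intact.
 */
static int
fs_frlock_model(flk_callback_t *flk_cbp, bool remove)
{
	flk_callback_t serialize_callback;	/* stack allocated */
	flk_callback_t *caller_head = flk_cbp;

	flk_add_callback(&serialize_callback, serialize_cb, NULL, flk_cbp);
	if (flk_cbp == NULL)
		flk_cbp = &serialize_callback;	/* private list; caller unaffected */
	flk_run_callbacks(flk_cbp);	/* lock work would happen here */

	if (remove)
		flk_del_callback(&serialize_callback);
	return (flk_list_len(caller_head));	/* node still alive: safe to walk */
}

/* A caller in the style of nlm_block()/smb_vop_frlock() with its own
 * callback.  Returns the entries left on its list: 1 is just its own node,
 * 2 means a dangling stack entry was left behind. */
static int
caller_leftover_entries(bool fixed)
{
	flk_callback_t mine;

	flk_add_callback(&mine, serialize_cb, NULL, NULL);
	return (fs_frlock_model(&mine, fixed));
}

int
main(void)
{
	printf("NULL caller list: buggy=%d fixed=%d\n",
	    fs_frlock_model(NULL, false), fs_frlock_model(NULL, true));
	printf("caller with own callback: buggy leaves %d entries, fixed %d\n",
	    caller_leftover_entries(false), caller_leftover_entries(true));
	return (0);
}
```

The count is taken before fs_frlock_model() returns, so the model itself never walks a dead node; in the real kernel the second fs_frlock() call by such a caller would do exactly that.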
Updated by Electric Monk about 4 years ago
- Status changed from Pending RTI to Closed
- % Done changed from 0 to 100
git commit 668487358738f1513a74ebbb1b8cda03947984c1
commit 668487358738f1513a74ebbb1b8cda03947984c1
Author: Marcel Telka <marcel@telka.sk>
Date: 2016-12-20T15:51:23.000Z

7671 fs_frlock() should remove installed callback
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Dan McDonald <danmcd@omniti.com>