
Bug #7671

fs_frlock() should remove installed callback

Added by Marcel Telka over 4 years ago. Updated over 4 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: filesystems (not ZFS)
Start date: 2016-12-16
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags: needs-triage
Gerrit CR:

Description

In some cases fs_frlock() installs a new serialize_callback using flk_add_callback(), but does not remove it from the flk_cbp list. The serialize_callback is allocated on the stack and will become invalid once fs_frlock() returns. This is usually not a problem, since the flk_cbp list is usually empty (it is NULL). But there are some cases when fs_frlock() callers install their own callbacks, like in nlm_block() or in smb_vop_frlock(). Once fs_frlock() returns for such a caller, it might be left with a corrupted callbacks list. If such a caller calls fs_frlock() again, bad things might happen. Fortunately, all fs_frlock() callers with their own callbacks do not do repeated fs_frlock() calls (or anything else dangerous), so we are safe now, but the situation might change at any time unnoticed.
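As an added illustration of the failure mode described in the report (example code written for this page, not illumos code): a simplified model of the flk_cbp circular callback list, an fs_frlock() stand-in whose serialize_callback lives in its own stack frame, and a caller that installs its own callback first, as nlm_block() and smb_vop_frlock() do. The list layout, the flk_add_callback()/flk_del_callback() signatures, the vnode_model struct and the callback bodies are assumptions made for the model, not the kernel's real definitions.

```c
/*
 * Added example, not illumos code: a model of the flk_cbp callback list
 * and of the dangling stack node described in bug #7671.  Names follow
 * the report; list layout and function signatures are assumptions.
 */
#include <stddef.h>

typedef enum { FLK_BEFORE_SLEEP, FLK_AFTER_SLEEP } flk_cb_when_t;

typedef struct flk_callback {
	struct flk_callback *cb_next;	/* circular, doubly linked */
	struct flk_callback *cb_prev;
	void (*cb_fn)(flk_cb_when_t, void *);
	void *cb_data;
} flk_callback_t;

/* Append newcb to the circular list headed by `list`; return the head. */
static flk_callback_t *
flk_add_callback(flk_callback_t *newcb, void (*fn)(flk_cb_when_t, void *),
    void *data, flk_callback_t *list)
{
	newcb->cb_fn = fn;
	newcb->cb_data = data;
	if (list == NULL) {
		newcb->cb_next = newcb->cb_prev = newcb;
		return (newcb);
	}
	newcb->cb_next = list;
	newcb->cb_prev = list->cb_prev;
	list->cb_prev->cb_next = newcb;
	list->cb_prev = newcb;
	return (list);
}

/* Unlink cb from whatever list it is on and make it a list of one. */
static void
flk_del_callback(flk_callback_t *cb)
{
	cb->cb_prev->cb_next = cb->cb_next;
	cb->cb_next->cb_prev = cb->cb_prev;
	cb->cb_next = cb->cb_prev = cb;
}

/* Stand-in for the lock manager walking the list; returns callbacks run. */
static int
flk_invoke_callbacks(flk_callback_t *list, flk_cb_when_t when)
{
	int n = 0;
	flk_callback_t *cb = list;
	if (list == NULL)
		return (0);
	do {
		cb->cb_fn(when, cb->cb_data);
		n++;
		cb = cb->cb_next;
	} while (cb != list);
	return (n);
}

/* Assumed stand-in for the vnode's non-blocking-lock critical section. */
struct vnode_model { int in_crit; };

/* Models the serialize callback: leave the region to sleep, re-enter after. */
static void
serialize_cb(flk_cb_when_t when, void *data)
{
	((struct vnode_model *)data)->in_crit = (when == FLK_AFTER_SLEEP);
}

/*
 * fs_frlock() model.  serialize_callback lives in this frame; with
 * fixed == 0 it stays linked into the caller's list after return (the
 * bug), with fixed == 1 it is unlinked first.  Returns callbacks run
 * before the simulated sleep.
 */
static int
fs_frlock_model(struct vnode_model *vp, flk_callback_t *flk_cbp, int fixed)
{
	flk_callback_t serialize_callback;
	int ran;

	vp->in_crit = 1;
	flk_cbp = flk_add_callback(&serialize_callback, serialize_cb, vp, flk_cbp);
	ran = flk_invoke_callbacks(flk_cbp, FLK_BEFORE_SLEEP);	/* reclock() stand-in */
	flk_invoke_callbacks(flk_cbp, FLK_AFTER_SLEEP);
	if (fixed)
		flk_del_callback(&serialize_callback);	/* the fix */
	return (ran);
}

static void
count_cb(flk_cb_when_t when, void *data)
{
	if (when == FLK_BEFORE_SLEEP)
		(*(int *)data)++;
}

/*
 * A caller with its own callback, like nlm_block() or smb_vop_frlock().
 * Returns 1 if its list is still self-contained after the call, 0 if its
 * node now links to the dead frame.  Only my_cb's own fields are read.
 */
static int
caller_list_intact(int fixed)
{
	struct vnode_model vp = { 0 };
	flk_callback_t my_cb;
	int hits = 0;
	flk_callback_t *list = flk_add_callback(&my_cb, count_cb, &hits, NULL);

	(void) fs_frlock_model(&vp, list, fixed);
	return (my_cb.cb_next == &my_cb && my_cb.cb_prev == &my_cb);
}

/* With the fix a repeated call is safe; returns the caller's hit count. */
static int
caller_repeat_hits(void)
{
	struct vnode_model vp = { 0 };
	flk_callback_t my_cb;
	int hits = 0;
	flk_callback_t *list = flk_add_callback(&my_cb, count_cb, &hits, NULL);

	(void) fs_frlock_model(&vp, list, 1);
	(void) fs_frlock_model(&vp, list, 1);	/* would walk a dead frame unfixed */
	return (hits);
}
```

With fixed = 0 the caller's node is left pointing at a stack frame that no longer exists; the check deliberately reads only the caller's own node, so the example never dereferences the dangling link. The fix is the single flk_del_callback() before return: with it, a second fs_frlock() call from the same caller walks a well-formed list and the caller's callback fires once per call.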
