NFS: Fix up a race in the NFS implementation of GETLK
Trond Myklebust [Tue, 18 Oct 2005 21:20:16 +0000 (14:20 -0700)]
 ...and fix a memory corruption bug due to improper use of memcpy() on
 a struct file_lock.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

fs/nfs/file.c

index 6bdcfa9..572d859 100644 (file)
@@ -376,22 +376,31 @@ out_swapfile:
 
 static int do_getlk(struct file *filp, int cmd, struct file_lock *fl)
 {
+       struct file_lock *cfl;
        struct inode *inode = filp->f_mapping->host;
        int status = 0;
 
        lock_kernel();
-       /* Use local locking if mounted with "-onolock" */
-       if (!(NFS_SERVER(inode)->flags & NFS_MOUNT_NONLM))
-               status = NFS_PROTO(inode)->lock(filp, cmd, fl);
-       else {
-               struct file_lock *cfl = posix_test_lock(filp, fl);
-
-               fl->fl_type = F_UNLCK;
-               if (cfl != NULL)
-                       memcpy(fl, cfl, sizeof(*fl));
+       /* Try local locking first */
+       cfl = posix_test_lock(filp, fl);
+       if (cfl != NULL) {
+               locks_copy_lock(fl, cfl);
+               goto out;
        }
+
+       if (nfs_have_delegation(inode, FMODE_READ))
+               goto out_noconflict;
+
+       if (NFS_SERVER(inode)->flags & NFS_MOUNT_NONLM)
+               goto out_noconflict;
+
+       status = NFS_PROTO(inode)->lock(filp, cmd, fl);
+out:
        unlock_kernel();
        return status;
+out_noconflict:
+       fl->fl_type = F_UNLCK;
+       goto out;
 }
 
 static int do_vfs_lock(struct file *file, struct file_lock *fl)