Patch "lockd: fix server crash on reboot of client holding lock" has been added to the 5.10-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Tue, 18 Jun 2024 07:50:24 -0400

This is a note to let you know that I've just added the patch titled

    lockd: fix server crash on reboot of client holding lock

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     lockd-fix-server-crash-on-reboot-of-client-holding-l.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 9feb01213455b3eeeefecc8972e42a2ca5f150dd
Author: J. Bruce Fields <bfields@xxxxxxxxxxxx>
Date:   Tue Jan 18 17:00:16 2022 -0500

    lockd: fix server crash on reboot of client holding lock
    
    [ Upstream commit 6e7f90d163afa8fc2efd6ae318e7c20156a5621f ]
    
    I thought I was iterating over the array when actually the iteration is
    over the values contained in the array?
    
    Ugh, keep it simple.
    
    Symptoms were a null deference in vfs_lock_file() when an NFSv3 client
    that previously held a lock came back up and sent a notify.
    
    Reported-by: Jonathan Woithe <jwoithe@xxxxxxxxxx>
    Fixes: 7f024fcd5c97 ("Keep read and write fds with each nlm_file")
    Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx>
    Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/lockd/svcsubs.c b/fs/lockd/svcsubs.c
index cb3a7512c33ec..54c2e42130ca2 100644
--- a/fs/lockd/svcsubs.c
+++ b/fs/lockd/svcsubs.c
@@ -179,19 +179,20 @@ nlm_delete_file(struct nlm_file *file)
 static int nlm_unlock_files(struct nlm_file *file)
 {
 	struct file_lock lock;
-	struct file *f;
 
 	lock.fl_type  = F_UNLCK;
 	lock.fl_start = 0;
 	lock.fl_end   = OFFSET_MAX;
-	for (f = file->f_file[0]; f <= file->f_file[1]; f++) {
-		if (f && vfs_lock_file(f, F_SETLK, &lock, NULL) < 0) {
-			pr_warn("lockd: unlock failure in %s:%d\n",
-				__FILE__, __LINE__);
-			return 1;
-		}
-	}
+	if (file->f_file[O_RDONLY] &&
+	    vfs_lock_file(file->f_file[O_RDONLY], F_SETLK, &lock, NULL))
+		goto out_err;
+	if (file->f_file[O_WRONLY] &&
+	    vfs_lock_file(file->f_file[O_WRONLY], F_SETLK, &lock, NULL))
+		goto out_err;
 	return 0;
+out_err:
+	pr_warn("lockd: unlock failure in %s:%d\n", __FILE__, __LINE__);
+	return 1;
 }
 
 /*







