Oops, no, this breaks the build and can't go to 3.14 :(

If someone wants to provide a backported version, I'll be glad to take
it.

thanks,

greg k-h

On Tue, May 20, 2014 at 12:20:34PM +0900, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
>
> This is a note to let you know that I've just added the patch titled
>
> cifs: fix the race in cifs_writev()
>
> to the 3.14-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>
> The filename of the patch is:
> cifs-fix-the-race-in-cifs_writev.patch
> and it can be found in the queue-3.14 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@xxxxxxxxxxxxxxx> know about it.
>
>
> >From 19dfc1f5f2ef03a52aa30c8257c5745edef23f55 Mon Sep 17 00:00:00 2001
> From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> Date: Thu, 3 Apr 2014 10:27:17 -0400
> Subject: cifs: fix the race in cifs_writev()
>
> From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
>
> commit 19dfc1f5f2ef03a52aa30c8257c5745edef23f55 upstream.
>
> O_APPEND handling there hadn't been completely fixed by Pavel's
> patch; it checks the right value, but it's racy - we can't really
> do that until i_mutex has been taken.
>
> Fix by switching to __generic_file_aio_write() (open-coding
> generic_file_aio_write(), actually) and pulling mutex_lock() above
> inode_size_read().
>
> Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
>
> --- > fs/cifs/file.c | 23 ++++++++++++++++++----- > 1 file changed, 18 insertions(+), 5 deletions(-) > > --- a/fs/cifs/file.c > +++ b/fs/cifs/file.c 
> @@ -2579,19 +2579,32 @@ cifs_writev(struct kiocb *iocb, const st > struct cifsInodeInfo *cinode = CIFS_I(inode); > struct TCP_Server_Info *server = tlink_tcon(cfile->tlink)->ses->server; > ssize_t rc = -EACCES; > - loff_t lock_pos = pos; > + loff_t lock_pos = iocb->ki_pos; > > - if (file->f_flags & O_APPEND) > - lock_pos = i_size_read(inode); > /* > * We need to hold the sem to be sure nobody modifies lock list > * with a brlock that prevents writing. > */ > down_read(&cinode->lock_sem); > + mutex_lock(&inode->i_mutex); > + if (file->f_flags & O_APPEND) > + lock_pos = i_size_read(inode); > if (!cifs_find_lock_conflict(cfile, lock_pos, iov_length(iov, nr_segs), > server->vals->exclusive_lock_type, NULL, > - CIFS_WRITE_OP)) > - rc = generic_file_aio_write(iocb, iov, nr_segs, pos); > + CIFS_WRITE_OP)) { > + rc = __generic_file_aio_write(iocb, iov, nr_segs); > + mutex_unlock(&inode->i_mutex); > + > + if (rc > 0) { > + ssize_t err; > + > + err = generic_write_sync(file, iocb->ki_pos - rc, rc); > + if (rc < 0) > + rc = err; > + } > + } else { > + mutex_unlock(&inode->i_mutex); > + } > up_read(&cinode->lock_sem); > return rc; > } > > > Patches currently in stable-queue which might be from viro@xxxxxxxxxxxxxxxxxx are > > queue-3.14/don-t-bother-with-get-put-_write_access-on-non-regular-files.patch > queue-3.14/cifs-fix-the-race-in-cifs_writev.patch > -- > To unsubscribe from this list: send the line "unsubscribe stable" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
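Review bot: in the added `if (rc > 0)` block that follows `mutex_unlock(&inode->i_mutex)`, the inner test `if (rc < 0)` can never be true, so a failure returned by `generic_write_sync()` in `err` is silently dropped and the caller is told the write succeeded even though the sync did not. The test should be on the sync result, `if (err < 0) rc = err;`. Any backported version for 3.14 should carry that correction. The lock ordering itself (`down_read(&cinode->lock_sem)` first, then `mutex_lock(&inode->i_mutex)`, with `i_size_read(inode)` and `cifs_find_lock_conflict()` both inside the mutex) matches what the commit message describes, and both branches release `i_mutex` before `up_read()`, so there is no unbalanced unlock path in the visible lines.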