On Thu, 2 Jul 2015 06:08:27 -0400 Jeff Layton <jeff.layton@xxxxxxxxxxxxxxx> wrote:

> On Thu, 2 Jul 2015 10:58:59 +0200
> William Dauchy <wdauchy@xxxxxxxxx> wrote:
>
> > On Wed, Jul 1, 2015 at 3:37 PM Jeff Layton <jeff.layton@xxxxxxxxxxxxxxx> wrote:
> > >
> > > > The problem is almost exactly the same as the one fixed by feaff8e5b2cf.
> > >
> > > Oops, I forgot to Cc stable on this one...
> > > Trond, can you add that?
> >
> > Is the commit mentioned also targeted for stable?
> > commit feaff8e5b2cfc3eae02cf65db7a400b0b9ffc596
> > nfs: take extra reference to fl->fl_file when running a setlk
> >
> > Regards,
>
> Oh! It wasn't marked as such but probably should be. I'll resend it to
> stable list a little later.
>
> Thanks,

So, William has done some testing and hit some problems with this patch. I
suspect that it's because we can end up running an unlock after the
filp->f_count has already gone to zero and are in __fput, so we take an
extra reference and end up with a use-after-free.

I think it'd be best to revert this patch from all kernels for now (mainline
and stable). I don't think the one that changes the setlk codepath is
susceptible to this, but it's probably fine to hold off on applying both
until I can sort out a better way to fix this one.

Thanks!
-- 
Jeff Layton <jeff.layton@xxxxxxxxxxxxxxx>
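The failure Jeff describes above, as an added user-space model that is not code from this thread or from the kernel: an unconditional reference bump on an object whose count has already reached zero "resurrects" an object that is being torn down, and the caller then works on (and later double-releases) memory that is on its way back to the allocator. The names `file_model`, `model_fput`, `model_get_unchecked` and `model_get_if_live` are illustrative stand-ins for the kernel's struct file, fput(), a plain get_file() and an increment-only-if-nonzero style lookup; the `released` flag stands in for the memory having been freed so that the program can observe the bug instead of actually dereferencing freed memory. This is a constructed example, not the fix the thread is waiting for.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a kernel-style refcounted object (hypothetical names).
 * 'count' plays the role of filp->f_count; 'released' is set once the last
 * reference is dropped, modelling the object being freed in the __fput path. */
struct file_model {
    long count;
    int  released;
};

/* Drop one reference; when the count hits zero the object is "freed". */
static void model_fput(struct file_model *f)
{
    if (--f->count == 0)
        f->released = 1;
}

/* Unconditional increment, like a bare get_file(): on a count that is already
 * zero this silently resurrects an object that is being destroyed. */
static struct file_model *model_get_unchecked(struct file_model *f)
{
    f->count++;
    return f;
}

/* Increment only while the count is still non-zero; refuses a dying object. */
static struct file_model *model_get_if_live(struct file_model *f)
{
    if (f->count == 0)
        return NULL;
    f->count++;
    return f;
}

/* A lock-release callback that runs after the last reference is already gone.
 * Returns 1 if it ended up holding a reference to a released object (the
 * use-after-free described in the thread), 0 otherwise. */
static int late_unlock_unchecked(struct file_model *f)
{
    struct file_model *ref = model_get_unchecked(f); /* "take extra reference" */
    int bad = ref->released;                         /* real kernel: UAF here */
    model_fput(ref);                                 /* and a second release */
    return bad;
}

/* Same callback with the guarded acquire: a dead object is left alone. */
static int late_unlock_checked(struct file_model *f)
{
    struct file_model *ref = model_get_if_live(f);
    if (!ref)
        return 0;
    int bad = ref->released;
    model_fput(ref);
    return bad;
}

/* Drive the scenario: a fresh object whose only reference is dropped, then
 * the late unlock runs. Returns whether the unlock touched a released object. */
static int scenario(int checked)
{
    struct file_model f = { .count = 1, .released = 0 };
    model_fput(&f); /* count reaches zero: teardown has begun */
    return checked ? late_unlock_checked(&f) : late_unlock_unchecked(&f);
}

int main(void)
{
    printf("unchecked acquire touched released object: %d\n", scenario(0));
    printf("checked acquire touched released object:   %d\n", scenario(1));
    return 0;
}
```

The guarded acquire only tells the late caller that it is too late; it does not by itself decide who should have held the reference across the unlock, which is the ordering question the revert leaves open.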