Patch "nfs: fix potential credential leak in ff_layout_update_mirror_cred" has been added to the 4.1-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    nfs: fix potential credential leak in ff_layout_update_mirror_cred

to the 4.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     nfs-fix-potential-credential-leak-in-ff_layout_update_mirror_cred.patch
and it can be found in the queue-4.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From a24221dca1868101c9b4b5adde4a6a5b1a3a64a7 Mon Sep 17 00:00:00 2001
From: Jeff Layton <jlayton@xxxxxxxxxxxxxxx>
Date: Wed, 24 Jun 2015 12:10:23 -0400
Subject: nfs: fix potential credential leak in ff_layout_update_mirror_cred

From: Jeff Layton <jlayton@xxxxxxxxxxxxxxx>

commit a24221dca1868101c9b4b5adde4a6a5b1a3a64a7 upstream.

If we have two tasks racing to update a mirror's credentials, then they
can end up leaking one (or more) sets of credentials. The first task
will set mirror->cred and then the second task will just overwrite it.

Use a cmpxchg to ensure that the creds are only set once. If we get to
the point where we would set mirror->cred and find that they're already
set, then we just release the creds that were just found.

Signed-off-by: Jeff Layton <jeff.layton@xxxxxxxxxxxxxxx>
Signed-off-by: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 fs/nfs/flexfilelayout/flexfilelayoutdev.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/nfs/flexfilelayout/flexfilelayoutdev.c
+++ b/fs/nfs/flexfilelayout/flexfilelayoutdev.c
@@ -324,7 +324,8 @@ static int ff_layout_update_mirror_cred(
 				__func__, PTR_ERR(cred));
 			return PTR_ERR(cred);
 		} else {
-			mirror->cred = cred;
+			if (cmpxchg(&mirror->cred, NULL, cred))
+				put_rpccred(cred);
 		}
 	}
 	return 0;


Patches currently in stable-queue which might be from jlayton@xxxxxxxxxxxxxxx are

queue-4.1/nfs-increase-size-of-exchange_id-name-string-buffer.patch
queue-4.1/nfs-always-update-creds-in-mirror-even-when-we-have-an-already-connected-ds.patch
queue-4.1/nfs-fix-potential-credential-leak-in-ff_layout_update_mirror_cred.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]