Commit 6e7f90d1 authored by J. Bruce Fields, committed by Chuck Lever

lockd: fix server crash on reboot of client holding lock



I thought I was iterating over the array when actually the iteration is
over the values contained in the array?

Ugh, keep it simple.

Symptoms were a null dereference in vfs_lock_file() when an NFSv3 client
that previously held a lock came back up and sent a notify.

Reported-by: Jonathan Woithe <jwoithe@just42.net>
Fixes: 7f024fcd ("Keep read and write fds with each nlm_file")
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
parent 16720861
+9 −8
@@ -179,19 +179,20 @@ nlm_delete_file(struct nlm_file *file)
static int nlm_unlock_files(struct nlm_file *file)
{
	struct file_lock lock;
	struct file *f;

	lock.fl_type  = F_UNLCK;
	lock.fl_start = 0;
	lock.fl_end   = OFFSET_MAX;
	for (f = file->f_file[0]; f <= file->f_file[1]; f++) {
		if (f && vfs_lock_file(f, F_SETLK, &lock, NULL) < 0) {
			pr_warn("lockd: unlock failure in %s:%d\n",
				__FILE__, __LINE__);
			return 1;
		}
	}
	if (file->f_file[O_RDONLY] &&
	    vfs_lock_file(file->f_file[O_RDONLY], F_SETLK, &lock, NULL))
		goto out_err;
	if (file->f_file[O_WRONLY] &&
	    vfs_lock_file(file->f_file[O_WRONLY], F_SETLK, &lock, NULL))
		goto out_err;
	return 0;
out_err:
	pr_warn("lockd: unlock failure in %s:%d\n", __FILE__, __LINE__);
	return 1;
}

/*
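Review bot: the two new `vfs_lock_file()` checks on `file->f_file[O_RDONLY]` and `file->f_file[O_WRONLY]` treat any nonzero return as failure, whereas the loop they replace only failed on `< 0`. If a positive return is possible here, this changes behaviour beyond the crash fix, so either keep the `< 0` test or mention the change in the commit message. Separately, `lock` is a stack `struct file_lock` with only `fl_type`, `fl_start` and `fl_end` assigned before it is passed to `vfs_lock_file()`; initialising the whole structure first (for example with `locks_init_lock(&lock)`) would avoid handing uninitialised fields to the filesystem's lock handler.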