Commit 931116a0 authored by Long Li

filelock: Correct the file lock owner in fcntl_setlk64

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IAKLNT


CVE: NA

--------------------------------

The locks_remove_posix() function is designed to reliably remove locks when
an fcntl/close race is detected. However, it was passing in the wrong
filelock owner, resulting in a failure to remove locks. More critically,
if the lock removal fails, it could lead to a uaf issue while traversing
the locks.

Fixes: dfbebb5d ("filelock: Fix fcntl/close race recovery compat path")
Signed-off-by: Long Li <leo.lilong@huawei.com>
parent 9560420d
+1 −1
@@ -2676,7 +2676,7 @@ int fcntl_setlk64(unsigned int fd, struct file *filp, unsigned int cmd,
		f = fcheck(fd);
		spin_unlock(&current->files->file_lock);
		if (f != filp) {
			locks_remove_posix(filp, &current->files);
			locks_remove_posix(filp, current->files);
			error = -EBADF;
		}
	}
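
Review bot: on the `locks_remove_posix(filp, current->files)` call in the `f != filp` branch, nothing at the call site records why the owner must be `current->files` rather than its address. The owner parameter is `fl_owner_t`, a `void *` typedef, so the compiler accepted `&current->files` without a warning. A short comment stating that the owner has to be the same value the lock was acquired with would help keep this from regressing, and it is worth confirming that the non-64 `fcntl_setlk()` recovery path passes the same owner. In this rendering the `+`/`-` markers are missing: the `&current->files` line is the one removed and the `current->files` line is the one added.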