NFSv4: Fix races in the legacy idmapper upcall (092f8285) · Commits · Summer2022 / 22b970497

Commit 092f8285 authored 2 years ago by

Trond Myklebust Committed by Yongqiang Liu 2 years ago

NFSv4: Fix races in the legacy idmapper upcall

stable inclusion
from stable-v4.19.256
commit bb4a4b31c29dd04d50e2b34b780acc0e1bbb8ce2
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5UQH4


CVE: NA

--------------------------------

commit 51fd2eb52c0ca8275a906eed81878ef50ae94eb0 upstream.

nfs_idmap_instantiate() will cause the process that is waiting in
request_key_with_auxdata() to wake up and exit. If there is a second
process waiting for the idmap->idmap_mutex, then it may wake up and
start a new call to request_key_with_auxdata(). If the call to
idmap_pipe_downcall() from the first process has not yet finished
calling nfs_idmap_complete_pipe_upcall_locked(), then we may end up
triggering the WARN_ON_ONCE() in nfs_idmap_prepare_pipe_upcall().

The fix is to ensure that we clear idmap->idmap_upcall_data before
calling nfs_idmap_instantiate().

Fixes: e9ab41b6 ("NFSv4: Clean up the legacy idmapper upcall")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>

parent ffa9f2a5

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 24 additions and 22 deletions

Please register or to comment