Re: [stable] [patch 08/12] NLM: Fix a circular lock dependency in lockd
On Tue, Oct 09, 2007 at 11:27:57AM -0400, Trond Myklebust wrote: > > Please see the attachment. Thanks, I've applied this to the tree. greg k-h - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 08/12] NLM: Fix a circular lock dependency in lockd
On Tue, 2007-10-09 at 08:13 -0700, Greg KH wrote: > On Tue, Oct 09, 2007 at 11:00:28AM -0400, Trond Myklebust wrote: > > > > On Mon, 2007-10-08 at 22:01 +0200, Roel Kluin wrote: > > > Greg KH wrote: > > > > > > @@ -477,10 +479,15 @@ nlmsvc_testlock(struct svc_rqst *rqstp, > > > > > > if (block == NULL) { > > > struct file_lock *conf = kzalloc(sizeof(*conf), GFP_KERNEL); > > > + struct nlm_host *host; > > > > > > if (conf == NULL) > > > return nlm_granted; > > > - block = nlmsvc_create_block(rqstp, file, lock, cookie); > > > + /* Create host handle for callback */ > > > + host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len); > > > + if (host == NULL) > > > + return nlm_lck_denied_nolocks; > > > + block = nlmsvc_create_block(rqstp, host, file, lock, cookie); > > > if (block == NULL) { > > > kfree(conf); > > > return nlm_granted; > > > > > > To be frankly I don't know what this is about, but shouldn't conf be > > > freed if host == NULL? > > > > Thanks for spotting this! > > > > Greg, should I resend this patch, or would you prefer an incremental > > fix? > > An incremental one would be best. > > thanks, > > greg k-h Please see the attachment. Cheers Trond --- Begin Message --- The recent fix for a circular lock dependency unfortunately introduced a potential memory leak in the event where the call to nlmsvc_lookup_host fails for some reason. Thanks to Roel Kluin for spotting this. Signed-off-by: Trond Myklebust <[EMAIL PROTECTED]> --- fs/lockd/svclock.c |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/fs/lockd/svclock.c b/fs/lockd/svclock.c index d098c7a..d120ec3 100644 --- a/fs/lockd/svclock.c +++ b/fs/lockd/svclock.c @@ -485,8 +485,10 @@ nlmsvc_testlock(struct svc_rqst *rqstp, struct nlm_file *file, return nlm_granted; /* Create host handle for callback */ host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len); - if (host == NULL) + if (host == NULL) { + kfree(conf); return nlm_lck_denied_nolocks; + } block = nlmsvc_create_block(rqstp, host, file, lock, cookie); if (block == NULL) { kfree(conf); --- End Message ---
Re: [patch 08/12] NLM: Fix a circular lock dependency in lockd
On Tue, Oct 09, 2007 at 11:00:28AM -0400, Trond Myklebust wrote: > > On Mon, 2007-10-08 at 22:01 +0200, Roel Kluin wrote: > > Greg KH wrote: > > > > @@ -477,10 +479,15 @@ nlmsvc_testlock(struct svc_rqst *rqstp, > > > > if (block == NULL) { > > struct file_lock *conf = kzalloc(sizeof(*conf), GFP_KERNEL); > > + struct nlm_host *host; > > > > if (conf == NULL) > > return nlm_granted; > > - block = nlmsvc_create_block(rqstp, file, lock, cookie); > > + /* Create host handle for callback */ > > + host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len); > > + if (host == NULL) > > + return nlm_lck_denied_nolocks; > > + block = nlmsvc_create_block(rqstp, host, file, lock, cookie); > > if (block == NULL) { > > kfree(conf); > > return nlm_granted; > > > > To be frankly I don't know what this is about, but shouldn't conf be freed > > if host == NULL? > > Thanks for spotting this! > > Greg, should I resend this patch, or would you prefer an incremental > fix? An incremental one would be best. thanks, greg k-h - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 08/12] NLM: Fix a circular lock dependency in lockd
On Mon, 2007-10-08 at 22:01 +0200, Roel Kluin wrote: > Greg KH wrote: > > @@ -477,10 +479,15 @@ nlmsvc_testlock(struct svc_rqst *rqstp, > > if (block == NULL) { > struct file_lock *conf = kzalloc(sizeof(*conf), GFP_KERNEL); > + struct nlm_host *host; > > if (conf == NULL) > return nlm_granted; > - block = nlmsvc_create_block(rqstp, file, lock, cookie); > + /* Create host handle for callback */ > + host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len); > + if (host == NULL) > + return nlm_lck_denied_nolocks; > + block = nlmsvc_create_block(rqstp, host, file, lock, cookie); > if (block == NULL) { > kfree(conf); > return nlm_granted; > > To be frankly I don't know what this is about, but shouldn't conf be freed if > host == NULL? Thanks for spotting this! Greg, should I resend this patch, or would you prefer an incremental fix? Cheers Trond - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 08/12] NLM: Fix a circular lock dependency in lockd
On Mon, 2007-10-08 at 22:01 +0200, Roel Kluin wrote: Greg KH wrote: @@ -477,10 +479,15 @@ nlmsvc_testlock(struct svc_rqst *rqstp, if (block == NULL) { struct file_lock *conf = kzalloc(sizeof(*conf), GFP_KERNEL); + struct nlm_host *host; if (conf == NULL) return nlm_granted; - block = nlmsvc_create_block(rqstp, file, lock, cookie); + /* Create host handle for callback */ + host = nlmsvc_lookup_host(rqstp, lock-caller, lock-len); + if (host == NULL) + return nlm_lck_denied_nolocks; + block = nlmsvc_create_block(rqstp, host, file, lock, cookie); if (block == NULL) { kfree(conf); return nlm_granted; To be frankly I don't know what this is about, but shouldn't conf be freed if host == NULL? Thanks for spotting this! Greg, should I resend this patch, or would you prefer an incremental fix? Cheers Trond - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 08/12] NLM: Fix a circular lock dependency in lockd
On Tue, Oct 09, 2007 at 11:00:28AM -0400, Trond Myklebust wrote: On Mon, 2007-10-08 at 22:01 +0200, Roel Kluin wrote: Greg KH wrote: @@ -477,10 +479,15 @@ nlmsvc_testlock(struct svc_rqst *rqstp, if (block == NULL) { struct file_lock *conf = kzalloc(sizeof(*conf), GFP_KERNEL); + struct nlm_host *host; if (conf == NULL) return nlm_granted; - block = nlmsvc_create_block(rqstp, file, lock, cookie); + /* Create host handle for callback */ + host = nlmsvc_lookup_host(rqstp, lock-caller, lock-len); + if (host == NULL) + return nlm_lck_denied_nolocks; + block = nlmsvc_create_block(rqstp, host, file, lock, cookie); if (block == NULL) { kfree(conf); return nlm_granted; To be frankly I don't know what this is about, but shouldn't conf be freed if host == NULL? Thanks for spotting this! Greg, should I resend this patch, or would you prefer an incremental fix? An incremental one would be best. thanks, greg k-h - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 08/12] NLM: Fix a circular lock dependency in lockd
On Tue, 2007-10-09 at 08:13 -0700, Greg KH wrote: On Tue, Oct 09, 2007 at 11:00:28AM -0400, Trond Myklebust wrote: On Mon, 2007-10-08 at 22:01 +0200, Roel Kluin wrote: Greg KH wrote: @@ -477,10 +479,15 @@ nlmsvc_testlock(struct svc_rqst *rqstp, if (block == NULL) { struct file_lock *conf = kzalloc(sizeof(*conf), GFP_KERNEL); + struct nlm_host *host; if (conf == NULL) return nlm_granted; - block = nlmsvc_create_block(rqstp, file, lock, cookie); + /* Create host handle for callback */ + host = nlmsvc_lookup_host(rqstp, lock-caller, lock-len); + if (host == NULL) + return nlm_lck_denied_nolocks; + block = nlmsvc_create_block(rqstp, host, file, lock, cookie); if (block == NULL) { kfree(conf); return nlm_granted; To be frankly I don't know what this is about, but shouldn't conf be freed if host == NULL? Thanks for spotting this! Greg, should I resend this patch, or would you prefer an incremental fix? An incremental one would be best. thanks, greg k-h Please see the attachment. Cheers Trond ---BeginMessage--- The recent fix for a circular lock dependency unfortunately introduced a potential memory leak in the event where the call to nlmsvc_lookup_host fails for some reason. Thanks to Roel Kluin for spotting this. Signed-off-by: Trond Myklebust [EMAIL PROTECTED] --- fs/lockd/svclock.c |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/fs/lockd/svclock.c b/fs/lockd/svclock.c index d098c7a..d120ec3 100644 --- a/fs/lockd/svclock.c +++ b/fs/lockd/svclock.c @@ -485,8 +485,10 @@ nlmsvc_testlock(struct svc_rqst *rqstp, struct nlm_file *file, return nlm_granted; /* Create host handle for callback */ host = nlmsvc_lookup_host(rqstp, lock-caller, lock-len); - if (host == NULL) + if (host == NULL) { + kfree(conf); return nlm_lck_denied_nolocks; + } block = nlmsvc_create_block(rqstp, host, file, lock, cookie); if (block == NULL) { kfree(conf); ---End Message---
Re: [stable] [patch 08/12] NLM: Fix a circular lock dependency in lockd
On Tue, Oct 09, 2007 at 11:27:57AM -0400, Trond Myklebust wrote: Please see the attachment. Thanks, I've applied this to the tree. greg k-h - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 08/12] NLM: Fix a circular lock dependency in lockd
Greg KH wrote: @@ -477,10 +479,15 @@ nlmsvc_testlock(struct svc_rqst *rqstp, if (block == NULL) { struct file_lock *conf = kzalloc(sizeof(*conf), GFP_KERNEL); + struct nlm_host *host; if (conf == NULL) return nlm_granted; - block = nlmsvc_create_block(rqstp, file, lock, cookie); + /* Create host handle for callback */ + host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len); + if (host == NULL) + return nlm_lck_denied_nolocks; + block = nlmsvc_create_block(rqstp, host, file, lock, cookie); if (block == NULL) { kfree(conf); return nlm_granted; To be frankly I don't know what this is about, but shouldn't conf be freed if host == NULL? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[patch 08/12] NLM: Fix a circular lock dependency in lockd
From: Trond Myklebust <[EMAIL PROTECTED]> commit 255129d1e9ca0ed3d69d5517fae3e03d7ab4b806 in upstream. The problem is that the garbage collector for the 'host' structures nlm_gc_hosts(), holds nlm_host_mutex while calling down to nlmsvc_mark_resources, which, eventually takes the file->f_mutex. We cannot therefore call nlmsvc_lookup_host() from within nlmsvc_create_block, since the caller will already hold file->f_mutex, so the attempt to grab nlm_host_mutex may deadlock. Fix the problem by calling nlmsvc_lookup_host() outside the file->f_mutex. Signed-off-by: Trond Myklebust <[EMAIL PROTECTED]> Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]> Signed-off-by: Greg Kroah-Hartman <[EMAIL PROTECTED]> --- fs/lockd/svclock.c | 29 ++--- 1 file changed, 18 insertions(+), 11 deletions(-) --- a/fs/lockd/svclock.c +++ b/fs/lockd/svclock.c @@ -171,19 +171,14 @@ found: * GRANTED_RES message by cookie, without having to rely on the client's IP * address. --okir */ -static inline struct nlm_block * -nlmsvc_create_block(struct svc_rqst *rqstp, struct nlm_file *file, - struct nlm_lock *lock, struct nlm_cookie *cookie) +static struct nlm_block * +nlmsvc_create_block(struct svc_rqst *rqstp, struct nlm_host *host, + struct nlm_file *file, struct nlm_lock *lock, + struct nlm_cookie *cookie) { struct nlm_block*block; - struct nlm_host *host; struct nlm_rqst *call = NULL; - /* Create host handle for callback */ - host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len); - if (host == NULL) - return NULL; - call = nlm_alloc_call(host); if (call == NULL) return NULL; @@ -366,6 +361,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, stru struct nlm_lock *lock, int wait, struct nlm_cookie *cookie) { struct nlm_block*block = NULL; + struct nlm_host *host; int error; __be32 ret; @@ -377,6 +373,10 @@ nlmsvc_lock(struct svc_rqst *rqstp, stru (long long)lock->fl.fl_end, wait); + /* Create host handle for callback */ + host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len); + if (host == NULL) + return nlm_lck_denied_nolocks; /* Lock file against concurrent access */ mutex_lock(>f_mutex); @@ -385,7 +385,8 @@ nlmsvc_lock(struct svc_rqst *rqstp, stru */ block = nlmsvc_lookup_block(file, lock); if (block == NULL) { - block = nlmsvc_create_block(rqstp, file, lock, cookie); + block = nlmsvc_create_block(rqstp, nlm_get_host(host), file, + lock, cookie); ret = nlm_lck_denied_nolocks; if (block == NULL) goto out; @@ -449,6 +450,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, stru out: mutex_unlock(>f_mutex); nlmsvc_release_block(block); + nlm_release_host(host); dprintk("lockd: nlmsvc_lock returned %u\n", ret); return ret; } @@ -477,10 +479,15 @@ nlmsvc_testlock(struct svc_rqst *rqstp, if (block == NULL) { struct file_lock *conf = kzalloc(sizeof(*conf), GFP_KERNEL); + struct nlm_host *host; if (conf == NULL) return nlm_granted; - block = nlmsvc_create_block(rqstp, file, lock, cookie); + /* Create host handle for callback */ + host = nlmsvc_lookup_host(rqstp, lock->caller, lock->len); + if (host == NULL) + return nlm_lck_denied_nolocks; + block = nlmsvc_create_block(rqstp, host, file, lock, cookie); if (block == NULL) { kfree(conf); return nlm_granted; -- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[patch 08/12] NLM: Fix a circular lock dependency in lockd
From: Trond Myklebust [EMAIL PROTECTED] commit 255129d1e9ca0ed3d69d5517fae3e03d7ab4b806 in upstream. The problem is that the garbage collector for the 'host' structures nlm_gc_hosts(), holds nlm_host_mutex while calling down to nlmsvc_mark_resources, which, eventually takes the file-f_mutex. We cannot therefore call nlmsvc_lookup_host() from within nlmsvc_create_block, since the caller will already hold file-f_mutex, so the attempt to grab nlm_host_mutex may deadlock. Fix the problem by calling nlmsvc_lookup_host() outside the file-f_mutex. Signed-off-by: Trond Myklebust [EMAIL PROTECTED] Signed-off-by: Linus Torvalds [EMAIL PROTECTED] Signed-off-by: Greg Kroah-Hartman [EMAIL PROTECTED] --- fs/lockd/svclock.c | 29 ++--- 1 file changed, 18 insertions(+), 11 deletions(-) --- a/fs/lockd/svclock.c +++ b/fs/lockd/svclock.c @@ -171,19 +171,14 @@ found: * GRANTED_RES message by cookie, without having to rely on the client's IP * address. --okir */ -static inline struct nlm_block * -nlmsvc_create_block(struct svc_rqst *rqstp, struct nlm_file *file, - struct nlm_lock *lock, struct nlm_cookie *cookie) +static struct nlm_block * +nlmsvc_create_block(struct svc_rqst *rqstp, struct nlm_host *host, + struct nlm_file *file, struct nlm_lock *lock, + struct nlm_cookie *cookie) { struct nlm_block*block; - struct nlm_host *host; struct nlm_rqst *call = NULL; - /* Create host handle for callback */ - host = nlmsvc_lookup_host(rqstp, lock-caller, lock-len); - if (host == NULL) - return NULL; - call = nlm_alloc_call(host); if (call == NULL) return NULL; @@ -366,6 +361,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, stru struct nlm_lock *lock, int wait, struct nlm_cookie *cookie) { struct nlm_block*block = NULL; + struct nlm_host *host; int error; __be32 ret; @@ -377,6 +373,10 @@ nlmsvc_lock(struct svc_rqst *rqstp, stru (long long)lock-fl.fl_end, wait); + /* Create host handle for callback */ + host = nlmsvc_lookup_host(rqstp, lock-caller, lock-len); + if (host == NULL) + return nlm_lck_denied_nolocks; /* Lock file against concurrent access */ mutex_lock(file-f_mutex); @@ -385,7 +385,8 @@ nlmsvc_lock(struct svc_rqst *rqstp, stru */ block = nlmsvc_lookup_block(file, lock); if (block == NULL) { - block = nlmsvc_create_block(rqstp, file, lock, cookie); + block = nlmsvc_create_block(rqstp, nlm_get_host(host), file, + lock, cookie); ret = nlm_lck_denied_nolocks; if (block == NULL) goto out; @@ -449,6 +450,7 @@ nlmsvc_lock(struct svc_rqst *rqstp, stru out: mutex_unlock(file-f_mutex); nlmsvc_release_block(block); + nlm_release_host(host); dprintk(lockd: nlmsvc_lock returned %u\n, ret); return ret; } @@ -477,10 +479,15 @@ nlmsvc_testlock(struct svc_rqst *rqstp, if (block == NULL) { struct file_lock *conf = kzalloc(sizeof(*conf), GFP_KERNEL); + struct nlm_host *host; if (conf == NULL) return nlm_granted; - block = nlmsvc_create_block(rqstp, file, lock, cookie); + /* Create host handle for callback */ + host = nlmsvc_lookup_host(rqstp, lock-caller, lock-len); + if (host == NULL) + return nlm_lck_denied_nolocks; + block = nlmsvc_create_block(rqstp, host, file, lock, cookie); if (block == NULL) { kfree(conf); return nlm_granted; -- - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [patch 08/12] NLM: Fix a circular lock dependency in lockd
Greg KH wrote: @@ -477,10 +479,15 @@ nlmsvc_testlock(struct svc_rqst *rqstp, if (block == NULL) { struct file_lock *conf = kzalloc(sizeof(*conf), GFP_KERNEL); + struct nlm_host *host; if (conf == NULL) return nlm_granted; - block = nlmsvc_create_block(rqstp, file, lock, cookie); + /* Create host handle for callback */ + host = nlmsvc_lookup_host(rqstp, lock-caller, lock-len); + if (host == NULL) + return nlm_lck_denied_nolocks; + block = nlmsvc_create_block(rqstp, host, file, lock, cookie); if (block == NULL) { kfree(conf); return nlm_granted; To be frankly I don't know what this is about, but shouldn't conf be freed if host == NULL? - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/