[linux-cifs-client] [PATCH] CIFS: fix bad test in cifs_lock for unlocks on non-posix mounts

Jeff Layton jlayton at redhat.com
Tue Aug 21 17:12:27 GMT 2007


On a mount without posix extensions enabled, when an unlock request is
made, the client can release more than is intended. To reproduce, on a
CIFS mount without posix extensions enabled:

1) open file
2) do fcntl lock: start=0 len=1
3) do fcntl lock: start=2 len=1
4) do fcntl unlock: start=0 len=1

...on the unlock call the client sends an unlock request to the server
for both locks. The problem is a bad test in cifs_lock. The following
patch fixed the reproducer but I haven't done any testing beyond that.

Signed-off-by: Jeff Layton <jlayton at redhat.com>

diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index 894b1f7..f9bd8b8 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -767,7 +767,8 @@ int cifs_lock(struct file *file, int cmd, struct file_lock *pfLock)
 			mutex_lock(&fid->lock_mutex);
 			list_for_each_entry_safe(li, tmp, &fid->llist, llist) {
 				if (pfLock->fl_start <= li->offset &&
-						length >= li->length) {
+						(pflock->fl_start + length) >=
+						(li->offset + li->length)) {
 					stored_rc = CIFSSMBLock(xid, pTcon,
 							netfid,
 							li->length, li->offset,
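Review bot: the new condition spells the parameter `pflock->fl_start`, but the function parameter is `pfLock` (see the `@@` line and the unchanged context `if (pfLock->fl_start <= li->offset &&`), so the hunk as posted will not compile; it should read `(pfLock->fl_start + length) >=`. The comparison itself is the right fix: the old `length >= li->length` only compared sizes, which is why an unlock of start=0 len=1 also matched the stored lock at offset 2 with length 1, and comparing the end of the requested range against the end of the stored lock restricts the match to locks fully inside the unlocked range.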
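The four-step reproducer from the mail, turned into a small regression check. This is an added example, not part of the patch or of the cifs client code: it opens a file (the path is an assumed default, pass one on the mount under test as the first argument), takes the two byte-range locks, releases the first, and then asks from a child process via F_GETLK whether the second lock is still held. On a correct implementation the second lock survives; on a mount showing the bug described above it is released along with the first.

```c
/* Regression check for the fcntl lock sequence in the mail:
 * lock [0,1), lock [2,3), unlock [0,1); the second lock must survive.
 * Added example, not part of the patch. Assumes a POSIX system; the
 * default path below is an assumption, pass a file on the mount to test. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Apply or release one byte-range lock; returns 0 on success, -1 on error. */
static int set_lock(int fd, short type, off_t start, off_t len)
{
    struct flock fl;
    memset(&fl, 0, sizeof(fl));
    fl.l_type = type;       /* F_WRLCK, F_RDLCK or F_UNLCK */
    fl.l_whence = SEEK_SET;
    fl.l_start = start;
    fl.l_len = len;
    return fcntl(fd, F_SETLK, &fl);
}

/* POSIX record locks are owned per process, so a conflict check has to
 * come from another process: fork, open the file again, and ask with
 * F_GETLK whether a write lock on [start, start+len) would conflict.
 * Returns 1 if another process holds a conflicting lock, 0 if the range
 * is free, -1 on error. */
static int range_is_locked(const char *path, off_t start, off_t len)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int fd = open(path, O_RDWR);
        if (fd < 0)
            _exit(2);
        struct flock fl;
        memset(&fl, 0, sizeof(fl));
        fl.l_type = F_WRLCK;
        fl.l_whence = SEEK_SET;
        fl.l_start = start;
        fl.l_len = len;
        if (fcntl(fd, F_GETLK, &fl) < 0)
            _exit(2);
        /* F_GETLK leaves l_type as F_UNLCK when nothing conflicts */
        _exit(fl.l_type == F_UNLCK ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code == 2 ? -1 : code;
}

/* Run the four-step reproducer on `path`. Returns 1 if the lock on
 * [2,3) is still held after unlocking [0,1) (correct behaviour), 0 if
 * it was dropped together with the first lock (the bug in the mail),
 * -1 on error. */
int second_lock_survives(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT, 0600);   /* step 1: open file */
    if (fd < 0)
        return -1;
    int rc = -1;
    if (set_lock(fd, F_WRLCK, 0, 1) == 0 &&   /* step 2: lock start=0 len=1 */
        set_lock(fd, F_WRLCK, 2, 1) == 0 &&   /* step 3: lock start=2 len=1 */
        set_lock(fd, F_UNLCK, 0, 1) == 0) {   /* step 4: unlock start=0 len=1 */
        int first = range_is_locked(path, 0, 1);
        int second = range_is_locked(path, 2, 1);
        if (first == 0 && second >= 0)
            rc = second;   /* first range must be free; report the second */
    }
    close(fd);  /* closing releases every lock this process holds on the file */
    return rc;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/tmp/cifs_lock_check.dat";
    int r = second_lock_survives(path);
    if (r < 0) {
        perror("lock test");
        return 2;
    }
    printf("%s\n", r ? "OK: second lock still held" : "BUG: second lock dropped");
    unlink(path);
    return r ? 0 : 1;
}
```

Run it once against a local filesystem to confirm the expected "OK" result, then against the CIFS mount; a "BUG" result there reproduces the over-release the patch addresses.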

