2016-06-15 20:06:04

by Trond Myklebust

Subject: [PATCH] NFS: Fix potential race in nfs_fhget()

If we don't set the mode correctly in nfs_init_locked(), then there is
potential for a race with a second call to nfs_fhget that will cause
inode aliasing.

Signed-off-by: Trond Myklebust <[email protected]>
---
fs/nfs/inode.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
index 52e7d6869e3b..dda689d7a8a7 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
@@ -282,6 +282,7 @@ nfs_init_locked(struct inode *inode, void *opaque)
struct nfs_fattr *fattr = desc->fattr;

set_nfs_fileid(inode, fattr->fileid);
+ inode->i_mode = fattr->mode;
nfs_copy_fh(NFS_FH(inode), desc->fh);
return 0;
}
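
Review bot: the added "inode->i_mode = fattr->mode;" in nfs_init_locked() reads fattr->mode unconditionally and has no comment saying why the mode must be set at this point. Suggest a one-line comment above it stating that the mode has to be in place before the new inode can be matched by a concurrent nfs_fhget() call (the aliasing race the commit message describes), and noting what guarantees that fattr->mode is valid here, since nothing in the visible context checks it.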
--
2.5.5



2016-06-16 14:04:19

by Jeff Layton

Subject: Re: [PATCH] NFS: Fix potential race in nfs_fhget()

On Wed, 2016-06-15 at 16:05 -0400, Trond Myklebust wrote:
> If we don't set the mode correctly in nfs_init_locked(), then there is
> potential for a race with a second call to nfs_fhget that will cause
> inode aliasing.
>
> Signed-off-by: Trond Myklebust <[email protected]>
> ---
>  fs/nfs/inode.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
> index 52e7d6869e3b..dda689d7a8a7 100644
> --- a/fs/nfs/inode.c
> +++ b/fs/nfs/inode.c
> @@ -282,6 +282,7 @@ nfs_init_locked(struct inode *inode, void
> *opaque)
>   struct nfs_fattr *fattr = desc->fattr;
>  
>   set_nfs_fileid(inode, fattr->fileid);
> + inode->i_mode = fattr->mode;
>   nfs_copy_fh(NFS_FH(inode), desc->fh);
>   return 0;
>  }

Good catch!

Reviewed-by: Jeff Layton <[email protected]>