From: William Dauchy
Date: Fri, 10 Jul 2015 17:56:57 +0200
Subject: Re: [PATCH] nfs: take extra reference to fl->fl_file when running a LOCKU operation
To: Jeff Layton
Cc: Trond Myklebust, Jean Spector, Linux NFS mailing list, stable@vger.kernel.org, Sasha Levin
In-Reply-To: <20150710110255.66fc6452@tlielax.poochiereds.net>
References: <1435687950-22037-1-git-send-email-jeff.layton@primarydata.com> <20150701093547.116dd788@tlielax.poochiereds.net> <20150702060827.66fc27f1@tlielax.poochiereds.net> <20150710110255.66fc6452@tlielax.poochiereds.net>

On Fri, Jul 10, 2015 at 5:02 PM, Jeff Layton wrote:
> So, William has done some testing and hit some problems with this
> patch. I suspect that it's because we can end up running an unlock
> after the filp->f_count has already gone to zero and are in __fput, so
> we take an extra reference and end up with a use-after-free.
>
> I think it'd be best to revert this patch from all kernels for now
> (mainline and stable). I don't think the one that changes the setlk
> codepath is susceptible to this, but it's probably fine to hold off on
> applying both until I can sort out a better way to fix this one.

I also think it's safer to revert both of them.

--
William
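An added illustration of the hazard Jeff describes, not code from the thread or from the kernel: a toy reference count modelled on get_file()/fput() semantics, showing why bumping a count that has already dropped to zero resurrects an object that is being torn down, and how a checked "get unless zero" variant refuses instead. All names (toy_file, toy_get_file, toy_fput, etc.) are constructed for this example.

```c
#include <stdatomic.h>
#include <stdbool.h>

/* Constructed stand-in for a refcounted file object; not the kernel's struct file. */
struct toy_file {
    atomic_long f_count;
    bool torn_down;      /* set when the last reference dropped it (stands in for __fput) */
};

/* Unconditional get, like get_file(): wrong if the count is already zero. */
static void toy_get_file(struct toy_file *f) {
    atomic_fetch_add(&f->f_count, 1);
}

/* Checked get: take a reference only if at least one still exists.
 * Returns false when the object is already being torn down (count == 0). */
static bool toy_get_file_not_zero(struct toy_file *f) {
    long c = atomic_load(&f->f_count);
    while (c > 0) {
        if (atomic_compare_exchange_weak(&f->f_count, &c, c + 1))
            return true;     /* c is reloaded by the CAS on failure */
    }
    return false;
}

/* Drop a reference, like fput(): the last one tears the object down. */
static void toy_fput(struct toy_file *f) {
    if (atomic_fetch_sub(&f->f_count, 1) == 1)
        f->torn_down = true;
}

/* Scenario from the thread: the last fput() already ran, the object is in teardown,
 * and an unlock path then tries to take an extra reference.
 * Returns 1 if the unchecked get "resurrected" the count on a dead object. */
int unchecked_get_after_last_fput(void) {
    struct toy_file f = { .torn_down = false };
    atomic_init(&f.f_count, 1);
    toy_fput(&f);                 /* count -> 0, teardown in progress */
    toy_get_file(&f);             /* count -> 1 again, but the object is gone: use-after-free */
    return (f.torn_down && atomic_load(&f.f_count) == 1) ? 1 : 0;
}

/* Same scenario with the checked variant. Returns 1 if it correctly refused. */
int checked_get_after_last_fput(void) {
    struct toy_file f = { .torn_down = false };
    atomic_init(&f.f_count, 1);
    toy_fput(&f);                 /* count -> 0 */
    bool got = toy_get_file_not_zero(&f);
    return (!got && f.torn_down && atomic_load(&f.f_count) == 0) ? 1 : 0;
}
```

A real kernel fix would have to guarantee the reference is taken before the final fput() can run, rather than after; the toy only shows why the late bump is unsafe.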