From 39db810cb6c1e7d1f2e43ae38b437b7ee72fe815 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Fri, 24 Aug 2007 03:16:51 +0000 Subject: [PATCH] [CIFS] Byte range unlock request to non-Unix server can unlock too much On a mount without posix extensions enabled, when an unlock request is made, the client can release more than is intended. To reproduce, on a CIFS mount without posix extensions enabled: 1) open file 2) do fcntl lock: start=0 len=1 3) do fcntl lock: start=2 len=1 4) do fcntl unlock: start=0 len=1 ...on the unlock call the client sends an unlock request to the server for both locks. The problem is a bad test in cifs_lock. Signed-off-by: Jeff Layton Signed-off-by: Steve French --- fs/cifs/CHANGES | 5 ++++- fs/cifs/file.c | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES index bed6215c0794..41e3b6a9397c 100644 --- a/fs/cifs/CHANGES +++ b/fs/cifs/CHANGES @@ -6,7 +6,10 @@ done with "serverino" mount option). Add support for POSIX Unlink Samba supports newer POSIX CIFS Protocol Extensions). Add "nounix" mount option to allow disabling the CIFS Unix Extensions for just that mount. Fix hang on spinlock in find_writable_file (race when -reopening file after session crash). +reopening file after session crash). Byte range unlock request to +windows server could unlock more bytes (on server copy of file) +than intended if start of unlock request is well before start of +a previous byte range lock that we issued. Version 1.49 ------------ diff --git a/fs/cifs/file.c b/fs/cifs/file.c index 894b1f7b299d..f9bd8b83f40e 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -767,7 +767,8 @@ int cifs_lock(struct file *file, int cmd, struct file_lock *pfLock) mutex_lock(&fid->lock_mutex); list_for_each_entry_safe(li, tmp, &fid->llist, llist) { if (pfLock->fl_start <= li->offset && - length >= li->length) { + (pflock->fl_start + length) >= + (li->offset + li->length)) { stored_rc = CIFSSMBLock(xid, pTcon, netfid, li->length, li->offset, -- GitLab