[CIFS] Byte range unlock request to non-Unix server can unlock too much

On a mount without posix extensions enabled, when an unlock request is made, the client can release more than is intended. To reproduce, on a CIFS mount without posix extensions enabled: 1) open file 2) do fcntl lock: start=0 len=1 3) do fcntl lock: start=2 len=1 4) do fcntl unlock: start=0 len=1 ...on the unlock call the client sends an unlock request to the server for both locks. The problem is a bad test in cifs_lock. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
git-mirror · Aug 24, 2007 · 39db810 · 39db810
1 parent 95ba736
commit 39db810
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
@@ -6,7 +6,10 @@ done with "serverino" mount option).  Add support for POSIX Unlink
 Samba supports newer POSIX CIFS Protocol Extensions). Add "nounix"
 mount option to allow disabling the CIFS Unix Extensions for just
 that mount. Fix hang on spinlock in find_writable_file (race when
-reopening file after session crash).
+reopening file after session crash).  Byte range unlock request to
+windows server could unlock more bytes (on server copy of file)
+than intended if start of unlock request is well before start of
+a previous byte range lock that we issued.
 
 Version 1.49
 ------------

diff --git a/fs/cifs/file.c b/fs/cifs/file.c
@@ -767,7 +767,8 @@ int cifs_lock(struct file *file, int cmd, struct file_lock *pfLock)
 			mutex_lock(&fid->lock_mutex);
 			list_for_each_entry_safe(li, tmp, &fid->llist, llist) {
 				if (pfLock->fl_start <= li->offset &&
-						length >= li->length) {
+						(pflock->fl_start + length) >=
+						(li->offset + li->length)) {
 					stored_rc = CIFSSMBLock(xid, pTcon,
 							netfid,
 							li->length, li->offset,