Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9700382c authored by david m. richter's avatar david m. richter Committed by Linus Torvalds
Browse files

VFS: fix a race in lease-breaking during truncate 



It is possible that another process could acquire a new file lease right
after break_lease() is called during a truncate, but before lease-granting
is disabled by the subsequent get_write_access().  Merely switching the
order of the break_lease() and get_write_access() calls prevents this race.

Signed-off-by: default avatarDavid M. Richter <richterd@citi.umich.edu>
Signed-off-by: default avatar"J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 937472b0

fs/open.c

+9 −7
Original line number Diff line number Diff line
@@ -256,24 +256,26 @@ static long do_sys_truncate(const char __user * path, loff_t length) 
	if (IS_IMMUTABLE(inode) || IS_APPEND(inode))

		goto dput_and_out;



	/*

	 * Make sure that there are no leases.

	 */

	error = break_lease(inode, FMODE_WRITE);

	error = get_write_access(inode);

	if (error)

		goto dput_and_out;



	error = get_write_access(inode);

	/*

	 * Make sure that there are no leases.  get_write_access() protects

	 * against the truncate racing with a lease-granting setlease().

	 */

	error = break_lease(inode, FMODE_WRITE);

	if (error)

		goto dput_and_out;

		goto put_write_and_out;



	error = locks_verify_truncate(inode, NULL, length);

	if (!error) {

		DQUOT_INIT(inode);

		error = do_truncate(nd.dentry, length, 0, NULL);

	}

	put_write_access(inode);



put_write_and_out:

	put_write_access(inode);

dput_and_out:

	path_release(&nd);

out: