diff options
| author | Thiago Rafael Becker <thiago.becker@gmail.com> | 2017-12-14 15:33:12 -0800 |
|---|---|---|
| committer | Sasha Levin <alexander.levin@microsoft.com> | 2018-02-28 19:32:19 -0500 |
| commit | c1026402b6f55e5a8717e0041df8f276414dca5c (patch) | |
| tree | b69e040b1a50ed4a3d8ede7752189f0c00169349 /fs | |
| parent | 47fd9ca937d0cef8c51ea4571c6febf6eb767095 (diff) | |
kernel: make groups_sort calling a responsibility group_info allocators
[ Upstream commit bdcf0a423ea1c40bbb40e7ee483b50fc8aa3d758 ]
In testing, we found that nfsd threads may call set_groups in parallel
for the same entry cached in auth.unix.gid, racing in the call of
groups_sort, corrupting the groups for that entry and leading to
permission denials for the client.
This patch:
- Make groups_sort globally visible.
- Move the call to groups_sort to the modifiers of group_info
- Remove the call to groups_sort from set_groups
Link: http://lkml.kernel.org/r/20171211151420.18655-1-thiago.becker@gmail.com
Signed-off-by: Thiago Rafael Becker <thiago.becker@gmail.com>
Reviewed-by: Matthew Wilcox <mawilcox@microsoft.com>
Reviewed-by: NeilBrown <neilb@suse.com>
Acked-by: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/nfsd/auth.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index 9d46a0bdd9f9..a260060042ad 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c @@ -59,6 +59,9 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp) GROUP_AT(gi, i) = exp->ex_anon_gid; else GROUP_AT(gi, i) = GROUP_AT(rqgi, i); + + /* Each thread allocates its own gi, no race */ + groups_sort(gi); } } else { gi = get_group_info(rqgi); |