Re: [PATCH v3] lockd: pin next file across nlm_inspect_file lock-drop

Next message: Guenter Roeck: "Re: [PATCH] hwmon: (nct6683) Add support for ASRock Z890 Pro-A"
Previous message: Guenter Roeck: "Re: [PATCH] hwmon: (adt7475) Add explicit header include"
In reply to: Michael Bommarito: "[PATCH v3] lockd: pin next file across nlm_inspect_file lock-drop"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Chuck Lever

Date: Sun May 24 2026 - 11:31:03 EST

From: Chuck Lever <chuck.lever@xxxxxxxxxx>

On Sun, 24 May 2026 07:55:27 -0400, Michael Bommarito wrote:
> nlm_traverse_files() pins the current file with f_count++ across
> a mutex_unlock for nlm_inspect_file(), but nothing pins the saved
> next pointer. A concurrent nlm_release_file() can kfree the next
> file during the unlock window, and the iterator dereferences freed
> memory on the next loop step.
>
> Pin both current and next before the lock-drop. Advance by
> swapping the pinned cursors at the end of each iteration so next
> is always held alive across the unlock.
>
> [...]

Applied to nfsd-testing, thanks!

[1/1] lockd: pin next file across nlm_inspect_file lock-drop
commit: 925b64e5fb12ad6517ff7c6729bf2fba7485f42c

--
Chuck Lever <chuck.lever@xxxxxxxxxx>