From: John L. Hammond Date: Tue, 16 Aug 2016 20:19:25 +0000 (-0400) Subject: staging: lustre: obd: validate open handle cookies X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=8015e1808718ffd3d8bb983d7148f5782db297f2;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git staging: lustre: obd: validate open handle cookies Add a const void *h_owner member to struct portals_handle. Add a const void *owner parameter to class_handle2object() which must be matched by the h_owner member of the handle in addition to the cookie. Signed-off-by: John L. Hammond Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-3233 Reviewed-on: http://review.whamcloud.com/6938 Reviewed-by: Andreas Dilger Reviewed-by: Fan Yong Reviewed-by: Mike Pershin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/lustre/lustre/include/lustre_handles.h b/drivers/staging/lustre/lustre/include/lustre_handles.h index 1a63a6b9e116..bc1dd4660151 100644 --- a/drivers/staging/lustre/lustre/include/lustre_handles.h +++ b/drivers/staging/lustre/lustre/include/lustre_handles.h @@ -66,6 +66,7 @@ struct portals_handle_ops { struct portals_handle { struct list_head h_link; __u64 h_cookie; + const void *h_owner; struct portals_handle_ops *h_ops; /* newly added fields to handle the RCU issue. -jxiong */ @@ -83,7 +84,7 @@ struct portals_handle { void class_handle_hash(struct portals_handle *, struct portals_handle_ops *ops); void class_handle_unhash(struct portals_handle *); -void *class_handle2object(__u64 cookie); +void *class_handle2object(__u64 cookie, const void *owner); void class_handle_free_cb(struct rcu_head *rcu); int class_handle_init(void); void class_handle_cleanup(void); diff --git a/drivers/staging/lustre/lustre/ldlm/ldlm_lock.c b/drivers/staging/lustre/lustre/ldlm/ldlm_lock.c index a91cdb4a1e7a..7a34caf30fa8 100644 --- a/drivers/staging/lustre/lustre/ldlm/ldlm_lock.c +++ b/drivers/staging/lustre/lustre/ldlm/ldlm_lock.c @@ -542,7 +542,7 @@ struct ldlm_lock *__ldlm_handle2lock(const struct lustre_handle *handle, LASSERT(handle); - lock = class_handle2object(handle->cookie); + lock = class_handle2object(handle->cookie, NULL); if (!lock) return NULL; diff --git a/drivers/staging/lustre/lustre/obdclass/genops.c b/drivers/staging/lustre/lustre/obdclass/genops.c index be25434c0955..a739eb1cc2de 100644 --- a/drivers/staging/lustre/lustre/obdclass/genops.c +++ b/drivers/staging/lustre/lustre/obdclass/genops.c @@ -618,7 +618,7 @@ struct obd_export *class_conn2export(struct lustre_handle *conn) } CDEBUG(D_INFO, "looking for export cookie %#llx\n", conn->cookie); - export = class_handle2object(conn->cookie); + export = class_handle2object(conn->cookie, NULL); return export; } EXPORT_SYMBOL(class_conn2export); diff --git a/drivers/staging/lustre/lustre/obdclass/lustre_handles.c b/drivers/staging/lustre/lustre/obdclass/lustre_handles.c index 082f530c527c..7ca68ae7e622 100644 --- a/drivers/staging/lustre/lustre/obdclass/lustre_handles.c +++ b/drivers/staging/lustre/lustre/obdclass/lustre_handles.c @@ -130,7 +130,7 @@ void class_handle_unhash(struct portals_handle *h) } EXPORT_SYMBOL(class_handle_unhash); -void *class_handle2object(__u64 cookie) +void *class_handle2object(__u64 cookie, const void *owner) { struct handle_bucket *bucket; struct portals_handle *h; @@ -145,7 +145,7 @@ void *class_handle2object(__u64 cookie) rcu_read_lock(); list_for_each_entry_rcu(h, &bucket->head, h_link) { - if (h->h_cookie != cookie) + if (h->h_cookie != cookie || h->h_owner != owner) continue; spin_lock(&h->h_lock);