[JAUNTY SRU] LP#317274 [CIFS] revalidate parent inode when rmdir done within that directory

Stefan Bader stefan.bader at canonical.com
Fri Jun 19 15:01:02 UTC 2009 

Manoj Iyer wrote:
> SRU JUSTIFICATION:
> 
> IMPACT: removed directories in cifs mounted share can still appear within 
> application calls. This could potentially be a security issue?
> 
> FIX: A patch from Steve French fixes the problem, [CIFS] revalidate parent 
> inode when rmdir done within that directory
> 
> TEST: Originator of the bug tested the kernel in 
> http://people.ubuntu.com/~manjo/lp317274-jaunty  and reported to work.
> 
> The following changes since commit 
> 8d6d84357a3631767f391571e8741c95d829a92d:
>    Stefan Bader (1):
>          UBUNTU: Forgotten update to control files
> 
> are available in the git repository at:
> 
>    git://kernel.ubuntu.com/manjo/ubuntu-jaunty.git lp317274
> 
> Steve French (1):
>        [CIFS] revalidate parent inode when rmdir done within that directory
> 
>   fs/cifs/CHANGES |   17 +++++++++++++----
>   fs/cifs/inode.c |    5 +++++
>   2 files changed, 18 insertions(+), 4 deletions(-)
> From d346ef69d9c239884ac40234ab4b6fcecd4590cd Mon Sep 17 00:00:00 2001
> From: Steve French <sfrench at us.ibm.com>
> Date: Tue, 13 Jan 2009 22:03:55 +0000
> Subject: [PATCH] [CIFS] revalidate parent inode when rmdir done within that directory
> 
> When a search is pending of a parent directory, and a child directory
> within it is removed, we need to reset the parent directory's time
> so that we don't reuse the (now stale) search results.
> 
> Thanks to Gunter Kukkukk for reporting this:
> 
>> got the following failure notification on irc #samba:
>>
>> A user was updating from subversion 1.4 to 1.5, where the
>> repository is located on a samba share (independent of
>> unix extensions = Yes or No).
>> svn 1.4 did work, 1.5 does not.
>>
>> The user did a lot of stracing of subversion - and wrote a
>> testapplet to simulate the failing behaviour.
>> I've converted the C++ source to C and added some error cases.
>>
>> When using "./testdir" on a local file system, "result2"
>> is always (nil) as expected - cifs vfs behaves different here!
>>
>>   ./testdir /mnt/cifs/mounted/share
>>
>> returns a (failing) valid pointer.
> 
> Acked-by: Dave Kleikamp <shaggy at us.ibm.com>
> Acked-by: Jeff Layton <jlayton at redhat.com>
> Signed-off-by: Steve French <sfrench at us.ibm.com>
> Signed-off-by: Manoj Iyer <manoj.iyer at canonical.com>
> 
> BugLink: https://bugs.launchpad.net/ubuntu/jaunty/+source/linux/+bug/317274
> ---
>   fs/cifs/CHANGES |   17 +++++++++++++----
>   fs/cifs/inode.c |    5 +++++
>   2 files changed, 18 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
> index 3c8b48d..34ce975 100644
> --- a/fs/cifs/CHANGES
> +++ b/fs/cifs/CHANGES
> @@ -1,7 +1,16 @@
> -Fix oops in cifs_dfs_ref.c when prefixpath is not reachable when using DFS.
> -Fix "redzone overwritten" bug in cifs_put_tcon (CIFSTcon may allocate too
> -little memory for the "nativeFileSystem" field returned by the server
> -during mount).
> +Version 1.56
> +------------
> +Add "forcemandatorylock" mount option to allow user to use mandatory
> +rather than posix (advisory) byte range locks, even though server would
> +support posix byte range locks.  Fix query of root inode when prefixpath
> +specified and user does not have access to query information about the
> +top of the share.  Fix problem in 2.6.28 resolving DFS paths to
> +Samba servers (worked to Windows).  Fix rmdir so that pending search
> +(readdir) requests do not get invalid results which include the now
> +removed directory.  Fix oops in cifs_dfs_ref.c when prefixpath is not reachable 
> +when using DFS. Add better file create support to servers which support
> +the CIFS POSIX protocol extensions (this adds support for new flags
> +on create, and improves semantics for write of locked ranges).
> 
>   Version 1.55
>   ------------
> diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
> index ff8c68d..1949b26 100644
> --- a/fs/cifs/inode.c
> +++ b/fs/cifs/inode.c
> @@ -1237,6 +1237,11 @@ int cifs_rmdir(struct inode *inode, struct dentry *direntry)
>   	cifsInode = CIFS_I(direntry->d_inode);
>   	cifsInode->time = 0;	/* force revalidate to go get info when
>   				   needed */
> +
> +	cifsInode = CIFS_I(inode);
> +	cifsInode->time = 0;	/* force revalidate to get parent dir info
> +				   since cached search results now invalid */
> +
>   	direntry->d_inode->i_ctime = inode->i_ctime = inode->i_mtime =
>   		current_fs_time(inode->i_sb);
> 
Applied

-- 

When all other means of communication fail, try words!

More information about the kernel-team mailing list