[CIFS] Byte range unlock request to non-Unix server can unlock too much

On a mount without posix extensions enabled, when an unlock request is made, the client can release more than is intended. To reproduce, on a CIFS mount without posix extensions enabled: 1) open file 2) do fcntl lock: start=0 len=1 3) do fcntl lock: start=2 len=1 4) do fcntl unlock: start=0 len=1 ...on the unlock call the client sends an unlock request to the server for both locks. The problem is a bad test in cifs_lock. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
author: Jeff Layton <jlayton@redhat.com> 2007-08-24 03:16:51 +0000
committer: Steve French <sfrench@us.ibm.com> 2007-08-24 03:16:51 +0000
commit: 39db810cb6c1e7d1f2e43ae38b437b7ee72fe815 (patch)
tree: 049b895e905cddeec0580388b636ca965b90ec8a /fs/cifs/file.c
parent: 95ba7362105646523ee712fd252ec2e34ccbec15 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index 894b1f7b299..f9bd8b83f40 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -767,7 +767,8 @@ int cifs_lock(struct file *file, int cmd, struct file_lock *pfLock)
 			mutex_lock(&fid->lock_mutex);
 			list_for_each_entry_safe(li, tmp, &fid->llist, llist) {
 				if (pfLock->fl_start <= li->offset &&
-						length >= li->length) {
+						(pflock->fl_start + length) >=
+						(li->offset + li->length)) {
 					stored_rc = CIFSSMBLock(xid, pTcon,
 							netfid,
 							li->length, li->offset,
author	Jeff Layton <jlayton@redhat.com>	2007-08-24 03:16:51 +0000
committer	Steve French <sfrench@us.ibm.com>	2007-08-24 03:16:51 +0000
commit	39db810cb6c1e7d1f2e43ae38b437b7ee72fe815 (patch)
tree	049b895e905cddeec0580388b636ca965b90ec8a /fs/cifs/file.c
parent	95ba7362105646523ee712fd252ec2e34ccbec15 (diff)