[PATCH] ocfs2: fix race between ocfs2_control_install_private() and ocfs2_control_release()

Next message: Lorenzo Stoakes: "Re: [PATCH] mm: delete stale comment about cachelines"
Previous message: Lorenzo Stoakes: "Re: [PATCH v2] mm_access: simplify the security checks"
Next in thread: Heming Zhao: "Re: [PATCH] ocfs2: fix race between ocfs2_control_install_private() and ocfs2_control_release()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Joseph Qi

Date: Mon Jun 01 2026 - 08:22:29 EST

Move atomic_inc(&ocfs2_control_opened) and the handshake state update
inside ocfs2_control_lock to close a race window where
ocfs2_control_release() can observe ocfs2_control_opened dropping to
zero (resetting ocfs2_control_this_node and running_proto) while
ocfs2_control_install_private() is about to bump the counter and mark
the connection valid.

Fixes: 3cfd4ab6b6b4 ("ocfs2: Add the local node id to the handshake.")
Reported-by: Ginger <ginger@xxxxxxxxx>
Signed-off-by: Joseph Qi <joseph.qi@xxxxxxxxxxxxxxxxx>
---
fs/ocfs2/stack_user.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/fs/ocfs2/stack_user.c b/fs/ocfs2/stack_user.c
index 5803f1dee679..91e19d33847c 100644
--- a/fs/ocfs2/stack_user.c
+++ b/fs/ocfs2/stack_user.c
@@ -327,18 +327,14 @@ static int ocfs2_control_install_private(struct file *file)
ocfs2_control_this_node = p->op_this_node;
running_proto.pv_major = p->op_proto.pv_major;
running_proto.pv_minor = p->op_proto.pv_minor;
- }
-
-out_unlock:
- mutex_unlock(&ocfs2_control_lock);
-
- if (!rc && set_p) {
- /* We set the global values successfully */
atomic_inc(&ocfs2_control_opened);
ocfs2_control_set_handshake_state(file,
OCFS2_CONTROL_HANDSHAKE_VALID);
}

+out_unlock:
+ mutex_unlock(&ocfs2_control_lock);
+
return rc;
}

--
2.39.3