Noticed by inspection... On an fcntl unlock request CIFS walks the list of SMB locks on a file and unlocks any that fall completely within the unlock range. The test used is bogus though:

    if (pfLock->fl_start <= li->offset && length >= li->length) {

...this should be:

    if (pfLock->fl_start <= li->offset && (pfLock->fl_start + length) >= (li->offset + li->length)) {
Trivial reproducer:

    open file
    lock: start=0 len=1
    lock: start=2 len=1
    unlock: start=0 len=1

...on the unlock, the client sends an unlock request to the server for both locks even though the unlock range doesn't come near the second lock.
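The two containment tests from comment 1, run over the reproducer from comment 2, as an added stand-alone example (not the kernel's code and not part of this bug report). It models the per-file lock list as a plain array of offset/length ranges, treats the unlock request as fl_start plus a length exactly as the comment phrases it, and returns a bitmask of the locks for which an unlock would be sent to the server, so the difference between the length-only comparison and the end-offset comparison is directly observable. The struct and function names are this example's own; a second constructed case (a lock that starts inside the unlock range but extends past its end) shows the same bug in the other direction.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for one entry of the CIFS per-file lock list:
 * a held SMB byte-range lock covering [offset, offset + length). */
struct smb_lock {
    uint64_t offset;
    uint64_t length;
};

/* The fcntl unlock request as comment 1 describes it: a start and a length. */
struct unlock_req {
    uint64_t fl_start;
    uint64_t length;
};

/* The test comment 1 calls bogus: it compares the unlock *length* against
 * the lock's length, which says nothing about where the lock ends. */
static bool bogus_covers(const struct unlock_req *u, const struct smb_lock *li)
{
    return u->fl_start <= li->offset && u->length >= li->length;
}

/* The proposed test: the lock is inside the unlock range only when both its
 * start and its end lie within [fl_start, fl_start + length). */
static bool fixed_covers(const struct unlock_req *u, const struct smb_lock *li)
{
    return u->fl_start <= li->offset &&
           u->fl_start + u->length >= li->offset + li->length;
}

/* Walk the lock list the way the unlock path does; bit i of the result is
 * set when lock i would be sent to the server as an unlock. */
static unsigned unlock_mask(bool use_fixed, const struct unlock_req *u,
                            const struct smb_lock *locks, size_t n)
{
    unsigned sent = 0;
    for (size_t i = 0; i < n; i++) {
        bool hit = use_fixed ? fixed_covers(u, &locks[i])
                             : bogus_covers(u, &locks[i]);
        if (hit)
            sent |= 1u << i;
    }
    return sent;
}

/* Constructed data: the reproducer from comment 2. */
static const struct smb_lock repro_locks[] = {
    { .offset = 0, .length = 1 },
    { .offset = 2, .length = 1 },
};
static const struct unlock_req repro_unlock = { .fl_start = 0, .length = 1 };

/* Constructed data: unlock [0,4) against a lock [3,6) that overhangs it. */
static const struct smb_lock overhang_locks[] = {
    { .offset = 3, .length = 3 },
};
static const struct unlock_req overhang_unlock = { .fl_start = 0, .length = 4 };

unsigned repro_bogus(void)    { return unlock_mask(false, &repro_unlock, repro_locks, 2); }
unsigned repro_fixed(void)    { return unlock_mask(true,  &repro_unlock, repro_locks, 2); }
unsigned overhang_bogus(void) { return unlock_mask(false, &overhang_unlock, overhang_locks, 1); }
unsigned overhang_fixed(void) { return unlock_mask(true,  &overhang_unlock, overhang_locks, 1); }

int main(void)
{
    printf("reproducer: bogus test unlocks mask 0x%x, fixed test unlocks mask 0x%x\n",
           repro_bogus(), repro_fixed());
    printf("overhang:   bogus test unlocks mask 0x%x, fixed test unlocks mask 0x%x\n",
           overhang_bogus(), overhang_fixed());
    return 0;
}
```

With the reproducer the bogus test releases both locks (mask 0x3) while the fixed test releases only the first (mask 0x1), which is the server-side over-unlock the report describes. One caveat a reviewer of the real fix would want: `fl_start + length` is computed in 64-bit offset space, so a caller passing a range that runs to the end of the file can make the sum wrap; comparing explicit end offsets instead of sums avoids that.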
Created attachment 161991
proposed patch

Proposed patch that I sent to the linux-cifs-client list.
Patch is now applied upstream and should make it into 2.6.24.