diff options
| author | Yan, Zheng <zyan@redhat.com> | 2017-04-18 22:01:48 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-05-03 11:36:39 -0400 |
| commit | 36e0be3187c232e99ed460acc21283160d02f923 (patch) | |
| tree | 6528dcb2ae604e23128329b26a702e4e2a99c380 /fs | |
| parent | d7809b9e99bb75e83bdd13dc70ce27df61faf5de (diff) | |
ceph: fix recursion between ceph_set_acl() and __ceph_setattr()
commit 8179a101eb5f4ef0ac9a915fcea9a9d3109efa90 upstream.
ceph_set_acl() calls __ceph_setattr() if the setacl operation needs
to modify inode's i_mode. __ceph_setattr() updates inode's i_mode,
then calls posix_acl_chmod().
The problem is that __ceph_setattr() calls posix_acl_chmod() before
sending the setattr request. The get_acl() call in posix_acl_chmod()
can trigger a getxattr request. The reply of the getxattr request
can restore inode's i_mode to its old value. The set_acl() call in
posix_acl_chmod() sees old value of inode's i_mode, so it calls
__ceph_setattr() again.
Link: http://tracker.ceph.com/issues/19688
Reported-by: Jerry Lee <leisurelysw24@gmail.com>
Signed-off-by: "Yan, Zheng" <zyan@redhat.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Tested-by: Luis Henriques <lhenriques@suse.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/ceph/inode.c | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c index 12f2252f6c98..953275b651bc 100644 --- a/fs/ceph/inode.c +++ b/fs/ceph/inode.c | |||
| @@ -2080,11 +2080,6 @@ int __ceph_setattr(struct inode *inode, struct iattr *attr) | |||
| 2080 | if (inode_dirty_flags) | 2080 | if (inode_dirty_flags) |
| 2081 | __mark_inode_dirty(inode, inode_dirty_flags); | 2081 | __mark_inode_dirty(inode, inode_dirty_flags); |
| 2082 | 2082 | ||
| 2083 | if (ia_valid & ATTR_MODE) { | ||
| 2084 | err = posix_acl_chmod(inode, attr->ia_mode); | ||
| 2085 | if (err) | ||
| 2086 | goto out_put; | ||
| 2087 | } | ||
| 2088 | 2083 | ||
| 2089 | if (mask) { | 2084 | if (mask) { |
| 2090 | req->r_inode = inode; | 2085 | req->r_inode = inode; |
| @@ -2098,13 +2093,11 @@ int __ceph_setattr(struct inode *inode, struct iattr *attr) | |||
| 2098 | ceph_cap_string(dirtied), mask); | 2093 | ceph_cap_string(dirtied), mask); |
| 2099 | 2094 | ||
| 2100 | ceph_mdsc_put_request(req); | 2095 | ceph_mdsc_put_request(req); |
| 2101 | if (mask & CEPH_SETATTR_SIZE) | ||
| 2102 | __ceph_do_pending_vmtruncate(inode); | ||
| 2103 | ceph_free_cap_flush(prealloc_cf); | ||
| 2104 | return err; | ||
| 2105 | out_put: | ||
| 2106 | ceph_mdsc_put_request(req); | ||
| 2107 | ceph_free_cap_flush(prealloc_cf); | 2096 | ceph_free_cap_flush(prealloc_cf); |
| 2097 | |||
| 2098 | if (err >= 0 && (mask & CEPH_SETATTR_SIZE)) | ||
| 2099 | __ceph_do_pending_vmtruncate(inode); | ||
| 2100 | |||
| 2108 | return err; | 2101 | return err; |
| 2109 | } | 2102 | } |
| 2110 | 2103 | ||
| @@ -2123,7 +2116,12 @@ int ceph_setattr(struct dentry *dentry, struct iattr *attr) | |||
| 2123 | if (err != 0) | 2116 | if (err != 0) |
| 2124 | return err; | 2117 | return err; |
| 2125 | 2118 | ||
| 2126 | return __ceph_setattr(inode, attr); | 2119 | err = __ceph_setattr(inode, attr); |
| 2120 | |||
| 2121 | if (err >= 0 && (attr->ia_valid & ATTR_MODE)) | ||
| 2122 | err = posix_acl_chmod(inode, attr->ia_mode); | ||
| 2123 | |||
| 2124 | return err; | ||
| 2127 | } | 2125 | } |
| 2128 | 2126 | ||
| 2129 | /* | 2127 | /* |