aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLouis Rilling <Louis.Rilling@kerlabs.com>2008-06-16 13:01:02 -0400
committerMark Fasheh <mfasheh@suse.com>2008-07-14 16:57:16 -0400
commit6d8344baee99402de58b5fa5dfea197242955c15 (patch)
tree6be890feb8063bdaac6efaff1044980cb76ee961
parentb3e76af87441fc36eef3516d73ab2314e7b2d911 (diff)
configfs: Fix failing mkdir() making racing rmdir() fail
When fixing the rename() vs rmdir() deadlock, we stopped locking default groups' inodes in configfs_detach_prep(), letting racing mkdir() in default groups proceed concurrently. This enables races like below happen, which leads to a failing mkdir() making rmdir() fail, despite the group to remove having no user-created directory under it in the end. process A: process B: /* PWD=A/B */ mkdir("C") make_item("C") attach_group("C") rmdir("A") detach_prep("A") detach_prep("B") error because of "C" return -ENOTEMPTY attach_group("C/D") error (eg -ENOMEM) return -ENOMEM This patch prevents such scenarii by making rmdir() wait as long as detach_prep() fails because a racing mkdir() is in the middle of attach_group(). To achieve this, mkdir() sets a flag CONFIGFS_USET_IN_MKDIR in parent's configfs_dirent before calling attach_group(), and clears the flag once attach_group() is done. detach_prep() fails with -EAGAIN whenever the flag is hit and returns the guilty inode's mutex so that rmdir() can wait on it. Signed-off-by: Louis Rilling <Louis.Rilling@kerlabs.com> Signed-off-by: Joel Becker <joel.becker@oracle.com>
-rw-r--r--fs/configfs/configfs_internal.h1
-rw-r--r--fs/configfs/dir.c53
2 files changed, 44 insertions, 10 deletions
diff --git a/fs/configfs/configfs_internal.h b/fs/configfs/configfs_internal.h
index 5a33b58e66da..da015c12e3ea 100644
--- a/fs/configfs/configfs_internal.h
+++ b/fs/configfs/configfs_internal.h
@@ -48,6 +48,7 @@ struct configfs_dirent {
48#define CONFIGFS_USET_DIR 0x0040 48#define CONFIGFS_USET_DIR 0x0040
49#define CONFIGFS_USET_DEFAULT 0x0080 49#define CONFIGFS_USET_DEFAULT 0x0080
50#define CONFIGFS_USET_DROPPING 0x0100 50#define CONFIGFS_USET_DROPPING 0x0100
51#define CONFIGFS_USET_IN_MKDIR 0x0200
51#define CONFIGFS_NOT_PINNED (CONFIGFS_ITEM_ATTR) 52#define CONFIGFS_NOT_PINNED (CONFIGFS_ITEM_ATTR)
52 53
53extern spinlock_t configfs_dirent_lock; 54extern spinlock_t configfs_dirent_lock;
diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
index d5b5985716ba..614e382a6049 100644
--- a/fs/configfs/dir.c
+++ b/fs/configfs/dir.c
@@ -364,7 +364,7 @@ static struct dentry * configfs_lookup(struct inode *dir,
364 * If there is an error, the caller will reset the flags via 364 * If there is an error, the caller will reset the flags via
365 * configfs_detach_rollback(). 365 * configfs_detach_rollback().
366 */ 366 */
367static int configfs_detach_prep(struct dentry *dentry) 367static int configfs_detach_prep(struct dentry *dentry, struct mutex **wait_mutex)
368{ 368{
369 struct configfs_dirent *parent_sd = dentry->d_fsdata; 369 struct configfs_dirent *parent_sd = dentry->d_fsdata;
370 struct configfs_dirent *sd; 370 struct configfs_dirent *sd;
@@ -379,6 +379,12 @@ static int configfs_detach_prep(struct dentry *dentry)
379 if (sd->s_type & CONFIGFS_NOT_PINNED) 379 if (sd->s_type & CONFIGFS_NOT_PINNED)
380 continue; 380 continue;
381 if (sd->s_type & CONFIGFS_USET_DEFAULT) { 381 if (sd->s_type & CONFIGFS_USET_DEFAULT) {
382 /* Abort if racing with mkdir() */
383 if (sd->s_type & CONFIGFS_USET_IN_MKDIR) {
384 if (wait_mutex)
385 *wait_mutex = &sd->s_dentry->d_inode->i_mutex;
386 return -EAGAIN;
387 }
382 /* Mark that we're trying to drop the group */ 388 /* Mark that we're trying to drop the group */
383 sd->s_type |= CONFIGFS_USET_DROPPING; 389 sd->s_type |= CONFIGFS_USET_DROPPING;
384 390
@@ -386,7 +392,7 @@ static int configfs_detach_prep(struct dentry *dentry)
386 * Yup, recursive. If there's a problem, blame 392 * Yup, recursive. If there's a problem, blame
387 * deep nesting of default_groups 393 * deep nesting of default_groups
388 */ 394 */
389 ret = configfs_detach_prep(sd->s_dentry); 395 ret = configfs_detach_prep(sd->s_dentry, wait_mutex);
390 if (!ret) 396 if (!ret)
391 continue; 397 continue;
392 } else 398 } else
@@ -1113,11 +1119,26 @@ static int configfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
1113 */ 1119 */
1114 module_got = 1; 1120 module_got = 1;
1115 1121
1122 /*
1123 * Make racing rmdir() fail if it did not tag parent with
1124 * CONFIGFS_USET_DROPPING
1125 * Note: if CONFIGFS_USET_DROPPING is already set, attach_group() will
1126 * fail and let rmdir() terminate correctly
1127 */
1128 spin_lock(&configfs_dirent_lock);
1129 /* This will make configfs_detach_prep() fail */
1130 sd->s_type |= CONFIGFS_USET_IN_MKDIR;
1131 spin_unlock(&configfs_dirent_lock);
1132
1116 if (group) 1133 if (group)
1117 ret = configfs_attach_group(parent_item, item, dentry); 1134 ret = configfs_attach_group(parent_item, item, dentry);
1118 else 1135 else
1119 ret = configfs_attach_item(parent_item, item, dentry); 1136 ret = configfs_attach_item(parent_item, item, dentry);
1120 1137
1138 spin_lock(&configfs_dirent_lock);
1139 sd->s_type &= ~CONFIGFS_USET_IN_MKDIR;
1140 spin_unlock(&configfs_dirent_lock);
1141
1121out_unlink: 1142out_unlink:
1122 if (ret) { 1143 if (ret) {
1123 /* Tear down everything we built up */ 1144 /* Tear down everything we built up */
@@ -1182,13 +1203,25 @@ static int configfs_rmdir(struct inode *dir, struct dentry *dentry)
1182 } 1203 }
1183 1204
1184 spin_lock(&configfs_dirent_lock); 1205 spin_lock(&configfs_dirent_lock);
1185 ret = configfs_detach_prep(dentry); 1206 do {
1186 if (ret) { 1207 struct mutex *wait_mutex;
1187 configfs_detach_rollback(dentry); 1208
1188 spin_unlock(&configfs_dirent_lock); 1209 ret = configfs_detach_prep(dentry, &wait_mutex);
1189 config_item_put(parent_item); 1210 if (ret) {
1190 return ret; 1211 configfs_detach_rollback(dentry);
1191 } 1212 spin_unlock(&configfs_dirent_lock);
1213 if (ret != -EAGAIN) {
1214 config_item_put(parent_item);
1215 return ret;
1216 }
1217
1218 /* Wait until the racing operation terminates */
1219 mutex_lock(wait_mutex);
1220 mutex_unlock(wait_mutex);
1221
1222 spin_lock(&configfs_dirent_lock);
1223 }
1224 } while (ret == -EAGAIN);
1192 spin_unlock(&configfs_dirent_lock); 1225 spin_unlock(&configfs_dirent_lock);
1193 1226
1194 /* Get a working ref for the duration of this function */ 1227 /* Get a working ref for the duration of this function */
@@ -1480,7 +1513,7 @@ void configfs_unregister_subsystem(struct configfs_subsystem *subsys)
1480 I_MUTEX_PARENT); 1513 I_MUTEX_PARENT);
1481 mutex_lock_nested(&dentry->d_inode->i_mutex, I_MUTEX_CHILD); 1514 mutex_lock_nested(&dentry->d_inode->i_mutex, I_MUTEX_CHILD);
1482 spin_lock(&configfs_dirent_lock); 1515 spin_lock(&configfs_dirent_lock);
1483 if (configfs_detach_prep(dentry)) { 1516 if (configfs_detach_prep(dentry, NULL)) {
1484 printk(KERN_ERR "configfs: Tried to unregister non-empty subsystem!\n"); 1517 printk(KERN_ERR "configfs: Tried to unregister non-empty subsystem!\n");
1485 } 1518 }
1486 spin_unlock(&configfs_dirent_lock); 1519 spin_unlock(&configfs_dirent_lock);