author David Howells <dhowells@redhat.com> 2011-01-14 13:45:26 -0500
committer Al Viro <viro@zeniv.linux.org.uk> 2011-01-15 20:07:31 -0500
commit cc53ce53c86924bfe98a12ea20b7465038a08792
tree 3c9a4923dd9f413c46bfa83a20cb579446df6deb /Documentation
parent 9875cf806403fae66b2410a3c2cc820d97731e04
Add a dentry op to allow processes to be held during pathwalk transit

Add a dentry op (d_manage) to permit a filesystem to hold a process and make it sleep when it tries to transit away from one of that filesystem's directories during a pathwalk. The operation is keyed off a new dentry flag (DCACHE_MANAGE_TRANSIT).

The filesystem is allowed to be selective about which processes it holds and which it permits to continue on or prohibits from transiting from each flagged directory. This will allow autofs to hold up client processes whilst letting its userspace daemon through to maintain the directory or the stuff behind it or mounted upon it.

The ->d_manage() dentry operation:

    int (*d_manage)(struct path *path, bool mounting_here);

takes a pointer to the directory about to be transited away from and a flag indicating whether the transit is undertaken by do_add_mount() or do_move_mount() skipping through a pile of filesystems mounted on a mountpoint.

It should return 0 if successful and to let the process continue on its way; -EISDIR to prohibit the caller from skipping to overmounted filesystems or automounting, and to use this directory; or some other error code to return to the user.

->d_manage() is called with namespace_sem writelocked if mounting_here is true and no other locks held, so it may sleep. However, if mounting_here is true, it may not initiate or wait for a mount or unmount upon the parameter directory, even if the act is actually performed by userspace.

Within fs/namei.c, follow_managed() is extended to check with d_manage() first on each managed directory, before transiting away from it or attempting to automount upon it.

follow_down() is renamed follow_down_one() and should only be used where the filesystem deliberately intends to avoid management steps (e.g. autofs).

A new follow_down() is added that incorporates the loop done by all other callers of follow_down() (do_add/move_mount(), autofs and NFSD; whilst AFS, NFS and CIFS do use it, their use is removed by converting them to use d_automount()). The new follow_down() calls d_manage() as appropriate. It also takes an extra parameter to indicate if it is being called from mount code (with namespace_sem writelocked) which it passes to d_manage(). follow_down() ignores automount points so that it can be used to mount on them.

__follow_mount_rcu() is made to abort rcu-walk mode if it hits a directory with DCACHE_MANAGE_TRANSIT set on the basis that we're probably going to have to sleep. It would be possible to enter d_manage() in rcu-walk mode too, and have that determine whether to abort or not itself. That would allow the autofs daemon to continue on in rcu-walk mode.

Note that DCACHE_MANAGE_TRANSIT on a directory should be cleared when it isn't required as every transit from that directory will cause d_manage() to be invoked. It can always be set again when necessary.

==========================
WHAT THIS MEANS FOR AUTOFS
==========================

Autofs currently uses the lookup() inode op and the d_revalidate() dentry op to trigger the automounting of indirect mounts, and both of these can be called with i_mutex held.

autofs knows that the i_mutex will be held by the caller in lookup(), and so can drop it before invoking the daemon - but this isn't so for d_revalidate(), since the lock is only held on _some_ of the code paths that call it. This means that autofs can't risk dropping i_mutex from its d_revalidate() function before it calls the daemon.

The bug could manifest itself as, for example, a process that's trying to validate an automount dentry that gets made to wait because that dentry is expired and needs cleaning up:

    mkdir S ffffffff8014e05a 0 32580 24956
    Call Trace:
    [<ffffffff885371fd>] :autofs4:autofs4_wait+0x674/0x897
    [<ffffffff80127f7d>] avc_has_perm+0x46/0x58
    [<ffffffff8009fdcf>] autoremove_wake_function+0x0/0x2e
    [<ffffffff88537be6>] :autofs4:autofs4_expire_wait+0x41/0x6b
    [<ffffffff88535cfc>] :autofs4:autofs4_revalidate+0x91/0x149
    [<ffffffff80036d96>] __lookup_hash+0xa0/0x12f
    [<ffffffff80057a2f>] lookup_create+0x46/0x80
    [<ffffffff800e6e31>] sys_mkdirat+0x56/0xe4

versus the automount daemon which wants to remove that dentry, but can't because the normal process is holding the i_mutex lock:

    automount D ffffffff8014e05a 0 32581 1 32561
    Call Trace:
    [<ffffffff80063c3f>] __mutex_lock_slowpath+0x60/0x9b
    [<ffffffff8000ccf1>] do_path_lookup+0x2ca/0x2f1
    [<ffffffff80063c89>] .text.lock.mutex+0xf/0x14
    [<ffffffff800e6d55>] do_rmdir+0x77/0xde
    [<ffffffff8005d229>] tracesys+0x71/0xe0
    [<ffffffff8005d28d>] tracesys+0xd5/0xe0

which means that the system is deadlocked.

This patch allows autofs to hold up normal processes whilst the daemon goes ahead and does things to the dentry tree behind the automounter point without risking a deadlock as almost no locks are held in d_manage() and none in d_automount().

Signed-off-by: David Howells <dhowells@redhat.com>
Was-Acked-by: Ian Kent <raven@themaw.net>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Diffstat (limited to 'Documentation')
-rw-r--r-- Documentation/filesystems/Locking 2
-rw-r--r-- Documentation/filesystems/vfs.txt 21
2 files changed, 22 insertions, 1 deletions
diff --git a/Documentation/filesystems/Locking b/Documentation/filesystems/Locking
index 5f0c52a07386..cbf98b989b11 100644
--- a/Documentation/filesystems/Locking
+++ b/Documentation/filesystems/Locking
@@ -20,6 +20,7 @@ prototypes:
20 void (*d_iput)(struct dentry *, struct inode *); 20 void (*d_iput)(struct dentry *, struct inode *);
21 char *(*d_dname)((struct dentry *dentry, char *buffer, int buflen); 21 char *(*d_dname)((struct dentry *dentry, char *buffer, int buflen);
22 struct vfsmount *(*d_automount)(struct path *path); 22 struct vfsmount *(*d_automount)(struct path *path);
23 int (*d_manage)(struct dentry *, bool);
23 24
24locking rules: 25locking rules:
25 rename_lock ->d_lock may block rcu-walk 26 rename_lock ->d_lock may block rcu-walk
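Review bot: the prototype added to the dentry_operations list, "int (*d_manage)(struct dentry *, bool);", does not match the signature given in the commit message, "int (*d_manage)(struct path *path, bool mounting_here);". The d_automount entry directly above it takes a struct path *, so a filesystem author reading this file cannot tell which argument type d_manage actually receives. Please make the documented prototype agree with the declaration the code uses.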
@@ -31,6 +32,7 @@ d_release: no no yes no
31d_iput: no no yes no 32d_iput: no no yes no
32d_dname: no no no no 33d_dname: no no no no
33d_automount: no no yes no 34d_automount: no no yes no
35d_manage: no no yes no
34 36
35--------------------------- inode_operations --------------------------- 37--------------------------- inode_operations ---------------------------
36prototypes: 38prototypes:
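Review bot: the new d_manage row (no, no, yes, no) only fills in the table's four columns and is silent about namespace_sem, which the commit message says is held writelocked when mounting_here is true. That is the one condition under which the op must not initiate or wait for a mount or unmount, so it is the locking rule an implementer most needs from this file. Suggest a footnote under the table stating that d_manage is called with namespace_sem held for writing when mounting_here is true and with no other locks held.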
diff --git a/Documentation/filesystems/vfs.txt b/Documentation/filesystems/vfs.txt
index 726a4f6fa3c9..4682586b147a 100644
--- a/Documentation/filesystems/vfs.txt
+++ b/Documentation/filesystems/vfs.txt
@@ -865,6 +865,7 @@ struct dentry_operations {
865 void (*d_iput)(struct dentry *, struct inode *); 865 void (*d_iput)(struct dentry *, struct inode *);
866 char *(*d_dname)(struct dentry *, char *, int); 866 char *(*d_dname)(struct dentry *, char *, int);
867 struct vfsmount *(*d_automount)(struct path *); 867 struct vfsmount *(*d_automount)(struct path *);
868 int (*d_manage)(struct dentry *, bool);
868}; 869};
869 870
870 d_revalidate: called when the VFS needs to revalidate a dentry. This 871 d_revalidate: called when the VFS needs to revalidate a dentry. This
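Review bot: in the struct dentry_operations listing the bool argument of d_manage is unnamed, while the description added later in this same file refers to it as the 'mounting_here' parameter. Name the parameter in the prototype so that reference resolves without the reader having to go to the source. The first argument is given here as struct dentry *, whereas the commit message gives struct path *path; whichever is right, the two should agree.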
@@ -938,12 +939,30 @@ struct dentry_operations {
938 target and the parent VFS mount record to provide inheritable mount 939 target and the parent VFS mount record to provide inheritable mount
939 parameters. NULL should be returned if someone else managed to make 940 parameters. NULL should be returned if someone else managed to make
940 the automount first. If the automount failed, then an error code 941 the automount first. If the automount failed, then an error code
941 should be returned. 942 should be returned. If -EISDIR is returned, then the directory will
943 be treated as an ordinary directory and returned to pathwalk to
944 continue walking.
942 945
943 This function is only used if DCACHE_NEED_AUTOMOUNT is set on the 946 This function is only used if DCACHE_NEED_AUTOMOUNT is set on the
944 dentry. This is set by __d_instantiate() if S_AUTOMOUNT is set on the 947 dentry. This is set by __d_instantiate() if S_AUTOMOUNT is set on the
945 inode being added. 948 inode being added.
946 949
950 d_manage: called to allow the filesystem to manage the transition from a
951 dentry (optional). This allows autofs, for example, to hold up clients
952 waiting to explore behind a 'mountpoint' whilst letting the daemon go
953 past and construct the subtree there. 0 should be returned to let the
954 calling process continue. -EISDIR can be returned to tell pathwalk to
955 use this directory as an ordinary directory and to ignore anything
956 mounted on it and not to check the automount flag. Any other error
957 code will abort pathwalk completely.
958
959 If the 'mounting_here' parameter is true, then namespace_sem is being
960 held by the caller and the function should not initiate any mounts or
961 unmounts that it will then wait for.
962
963 This function is only used if DCACHE_MANAGE_TRANSIT is set on the
964 dentry being transited from.
965
947Example : 966Example :
948 967
949static char *pipefs_dname(struct dentry *dent, char *buffer, int buflen) 968static char *pipefs_dname(struct dentry *dent, char *buffer, int buflen)
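Review bot: the new d_manage paragraphs state that the op is only used when DCACHE_MANAGE_TRANSIT is set, but omit two consequences the commit message spells out: rcu-walk mode is aborted at any directory carrying the flag, and every transit from such a directory invokes d_manage(), so the flag should be cleared when it is not required. Both matter to anyone setting the flag and belong next to the "This function is only used if DCACHE_MANAGE_TRANSIT is set" sentence. The 'mounting_here' paragraph could also say that namespace_sem is held for writing and that no other locks are held, so the function may sleep, as the commit message does.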