diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2013-03-26 18:25:57 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2013-03-26 18:25:57 -0400 |
commit | 7ea600b5314529f9d1b9d6d3c41cb26fce6a7a4a (patch) | |
tree | 8cc99c507999dcb7c35e973e22d79ae9a3ac8165 /fs/dcache.c | |
parent | 06ae43f34bcc07a0b6be8bf78a1c895bcd12c839 (diff) |
Nest rename_lock inside vfsmount_lock
... lest we get livelocks between path_is_under() and d_path() and friends.
The thing is, wrt fairness lglocks are more similar to rwsems than to rwlocks;
it is possible to have thread B spin on attempt to take lock shared while thread
A is already holding it shared, if B is on lower-numbered CPU than A and there's
a thread C spinning on attempt to take the same lock exclusive.
As the result, we need consistent ordering between vfsmount_lock (lglock) and
rename_lock (seq_lock), even though everything that takes both is going to take
vfsmount_lock only shared.
Spotted-by: Brad Spengler <spender@grsecurity.net>
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/dcache.c')
-rw-r--r-- | fs/dcache.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/fs/dcache.c b/fs/dcache.c index fbfae008ba44..e8bc3420d63e 100644 --- a/fs/dcache.c +++ b/fs/dcache.c | |||
@@ -2542,7 +2542,6 @@ static int prepend_path(const struct path *path, | |||
2542 | bool slash = false; | 2542 | bool slash = false; |
2543 | int error = 0; | 2543 | int error = 0; |
2544 | 2544 | ||
2545 | br_read_lock(&vfsmount_lock); | ||
2546 | while (dentry != root->dentry || vfsmnt != root->mnt) { | 2545 | while (dentry != root->dentry || vfsmnt != root->mnt) { |
2547 | struct dentry * parent; | 2546 | struct dentry * parent; |
2548 | 2547 | ||
@@ -2572,8 +2571,6 @@ static int prepend_path(const struct path *path, | |||
2572 | if (!error && !slash) | 2571 | if (!error && !slash) |
2573 | error = prepend(buffer, buflen, "/", 1); | 2572 | error = prepend(buffer, buflen, "/", 1); |
2574 | 2573 | ||
2575 | out: | ||
2576 | br_read_unlock(&vfsmount_lock); | ||
2577 | return error; | 2574 | return error; |
2578 | 2575 | ||
2579 | global_root: | 2576 | global_root: |
@@ -2590,7 +2587,7 @@ global_root: | |||
2590 | error = prepend(buffer, buflen, "/", 1); | 2587 | error = prepend(buffer, buflen, "/", 1); |
2591 | if (!error) | 2588 | if (!error) |
2592 | error = is_mounted(vfsmnt) ? 1 : 2; | 2589 | error = is_mounted(vfsmnt) ? 1 : 2; |
2593 | goto out; | 2590 | return error; |
2594 | } | 2591 | } |
2595 | 2592 | ||
2596 | /** | 2593 | /** |
@@ -2617,9 +2614,11 @@ char *__d_path(const struct path *path, | |||
2617 | int error; | 2614 | int error; |
2618 | 2615 | ||
2619 | prepend(&res, &buflen, "\0", 1); | 2616 | prepend(&res, &buflen, "\0", 1); |
2617 | br_read_lock(&vfsmount_lock); | ||
2620 | write_seqlock(&rename_lock); | 2618 | write_seqlock(&rename_lock); |
2621 | error = prepend_path(path, root, &res, &buflen); | 2619 | error = prepend_path(path, root, &res, &buflen); |
2622 | write_sequnlock(&rename_lock); | 2620 | write_sequnlock(&rename_lock); |
2621 | br_read_unlock(&vfsmount_lock); | ||
2623 | 2622 | ||
2624 | if (error < 0) | 2623 | if (error < 0) |
2625 | return ERR_PTR(error); | 2624 | return ERR_PTR(error); |
@@ -2636,9 +2635,11 @@ char *d_absolute_path(const struct path *path, | |||
2636 | int error; | 2635 | int error; |
2637 | 2636 | ||
2638 | prepend(&res, &buflen, "\0", 1); | 2637 | prepend(&res, &buflen, "\0", 1); |
2638 | br_read_lock(&vfsmount_lock); | ||
2639 | write_seqlock(&rename_lock); | 2639 | write_seqlock(&rename_lock); |
2640 | error = prepend_path(path, &root, &res, &buflen); | 2640 | error = prepend_path(path, &root, &res, &buflen); |
2641 | write_sequnlock(&rename_lock); | 2641 | write_sequnlock(&rename_lock); |
2642 | br_read_unlock(&vfsmount_lock); | ||
2642 | 2643 | ||
2643 | if (error > 1) | 2644 | if (error > 1) |
2644 | error = -EINVAL; | 2645 | error = -EINVAL; |
@@ -2702,11 +2703,13 @@ char *d_path(const struct path *path, char *buf, int buflen) | |||
2702 | return path->dentry->d_op->d_dname(path->dentry, buf, buflen); | 2703 | return path->dentry->d_op->d_dname(path->dentry, buf, buflen); |
2703 | 2704 | ||
2704 | get_fs_root(current->fs, &root); | 2705 | get_fs_root(current->fs, &root); |
2706 | br_read_lock(&vfsmount_lock); | ||
2705 | write_seqlock(&rename_lock); | 2707 | write_seqlock(&rename_lock); |
2706 | error = path_with_deleted(path, &root, &res, &buflen); | 2708 | error = path_with_deleted(path, &root, &res, &buflen); |
2709 | write_sequnlock(&rename_lock); | ||
2710 | br_read_unlock(&vfsmount_lock); | ||
2707 | if (error < 0) | 2711 | if (error < 0) |
2708 | res = ERR_PTR(error); | 2712 | res = ERR_PTR(error); |
2709 | write_sequnlock(&rename_lock); | ||
2710 | path_put(&root); | 2713 | path_put(&root); |
2711 | return res; | 2714 | return res; |
2712 | } | 2715 | } |
@@ -2830,6 +2833,7 @@ SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) | |||
2830 | get_fs_root_and_pwd(current->fs, &root, &pwd); | 2833 | get_fs_root_and_pwd(current->fs, &root, &pwd); |
2831 | 2834 | ||
2832 | error = -ENOENT; | 2835 | error = -ENOENT; |
2836 | br_read_lock(&vfsmount_lock); | ||
2833 | write_seqlock(&rename_lock); | 2837 | write_seqlock(&rename_lock); |
2834 | if (!d_unlinked(pwd.dentry)) { | 2838 | if (!d_unlinked(pwd.dentry)) { |
2835 | unsigned long len; | 2839 | unsigned long len; |
@@ -2839,6 +2843,7 @@ SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) | |||
2839 | prepend(&cwd, &buflen, "\0", 1); | 2843 | prepend(&cwd, &buflen, "\0", 1); |
2840 | error = prepend_path(&pwd, &root, &cwd, &buflen); | 2844 | error = prepend_path(&pwd, &root, &cwd, &buflen); |
2841 | write_sequnlock(&rename_lock); | 2845 | write_sequnlock(&rename_lock); |
2846 | br_read_unlock(&vfsmount_lock); | ||
2842 | 2847 | ||
2843 | if (error < 0) | 2848 | if (error < 0) |
2844 | goto out; | 2849 | goto out; |
@@ -2859,6 +2864,7 @@ SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) | |||
2859 | } | 2864 | } |
2860 | } else { | 2865 | } else { |
2861 | write_sequnlock(&rename_lock); | 2866 | write_sequnlock(&rename_lock); |
2867 | br_read_unlock(&vfsmount_lock); | ||
2862 | } | 2868 | } |
2863 | 2869 | ||
2864 | out: | 2870 | out: |