Patchwork [3.11.y.z,extended,stable] Patch "autofs: fix lockref lookup" has been added to staging queue

login
register
mail settings
Submitter Luis Henriques
Date May 14, 2014, 2:57 p.m.
Message ID <1400079470-16715-1-git-send-email-luis.henriques@canonical.com>
Download mbox | patch
Permalink /patch/348829/
State New
Headers show

Comments

Luis Henriques - May 14, 2014, 2:57 p.m.
This is a note to let you know that I have just added a patch titled

    autofs: fix lockref lookup

to the linux-3.11.y-queue branch of the 3.11.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.11.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.11.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

From 506be3083ae3126309bc58ec3452a64bc9a09146 Mon Sep 17 00:00:00 2001
From: Ian Kent <raven@themaw.net>
Date: Tue, 6 May 2014 12:50:06 -0700
Subject: autofs: fix lockref lookup

commit 6b6751f7feba68d8f5c72b72cc69a1c5a625529c upstream.

autofs needs to be able to see private data dentry flags for its dentrys
that are being created but not yet hashed and for its dentrys that have
been rmdir()ed but not yet freed.  It needs to do this so it can block
processes in these states until a status has been returned to indicate
the given operation is complete.

It does this by keeping two lists, active and expring, of dentrys in
this state and uses ->d_release() to keep them stable while it checks
the reference count to determine if they should be used.

But with the recent lockref changes dentrys being freed sometimes don't
transition to a reference count of 0 before being freed so autofs can
occassionally use a dentry that is invalid which can lead to a panic.

Signed-off-by: Ian Kent <raven@themaw.net>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
---
 fs/autofs4/root.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--
1.9.1
Ian Kent - May 15, 2014, 2:06 a.m.
On Wed, 2014-05-14 at 15:57 +0100, Luis Henriques wrote:
> This is a note to let you know that I have just added a patch titled
> 
>     autofs: fix lockref lookup
> 
> to the linux-3.11.y-queue branch of the 3.11.y.z extended stable tree 
> which can be found at:
> 
>  http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.11.y-queue
> 
> If you, or anyone else, feels it should not be added to this tree, please 
> reply to this email.

AFAICS lockref_mark_dead() isn't present in this tree so the bug the
patch fixes isn't present.

I don't think it will introduce a regression and will be there if the
later lockref change is added at some point.

So I guess it's your choice whether to keep it or not.
 
> 
> For more information about the 3.11.y.z tree, see
> https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable
> 
> Thanks.
> -Luis
> 
> ------
> 
> From 506be3083ae3126309bc58ec3452a64bc9a09146 Mon Sep 17 00:00:00 2001
> From: Ian Kent <raven@themaw.net>
> Date: Tue, 6 May 2014 12:50:06 -0700
> Subject: autofs: fix lockref lookup
> 
> commit 6b6751f7feba68d8f5c72b72cc69a1c5a625529c upstream.
> 
> autofs needs to be able to see private data dentry flags for its dentrys
> that are being created but not yet hashed and for its dentrys that have
> been rmdir()ed but not yet freed.  It needs to do this so it can block
> processes in these states until a status has been returned to indicate
> the given operation is complete.
> 
> It does this by keeping two lists, active and expring, of dentrys in
> this state and uses ->d_release() to keep them stable while it checks
> the reference count to determine if they should be used.
> 
> But with the recent lockref changes dentrys being freed sometimes don't
> transition to a reference count of 0 before being freed so autofs can
> occassionally use a dentry that is invalid which can lead to a panic.
> 
> Signed-off-by: Ian Kent <raven@themaw.net>
> Cc: Al Viro <viro@zeniv.linux.org.uk>
> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
> Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
> ---
>  fs/autofs4/root.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/autofs4/root.c b/fs/autofs4/root.c
> index 92ef341..2a69bde 100644
> --- a/fs/autofs4/root.c
> +++ b/fs/autofs4/root.c
> @@ -179,7 +179,7 @@ static struct dentry *autofs4_lookup_active(struct dentry *dentry)
>  		spin_lock(&active->d_lock);
> 
>  		/* Already gone? */
> -		if (!d_count(active))
> +		if ((int) d_count(active) <= 0)
>  			goto next;
> 
>  		qstr = &active->d_name;
> @@ -230,7 +230,7 @@ static struct dentry *autofs4_lookup_expiring(struct dentry *dentry)
> 
>  		spin_lock(&expiring->d_lock);
> 
> -		/* Bad luck, we've already been dentry_iput */
> +		/* We've already been dentry_iput or unlinked */
>  		if (!expiring->d_inode)
>  			goto next;
> 
> --
> 1.9.1
>
Luis Henriques - May 15, 2014, 9:27 a.m.
Ian Kent <raven@themaw.net> writes:

> On Wed, 2014-05-14 at 15:57 +0100, Luis Henriques wrote:
>> This is a note to let you know that I have just added a patch titled
>> 
>>     autofs: fix lockref lookup
>> 
>> to the linux-3.11.y-queue branch of the 3.11.y.z extended stable tree 
>> which can be found at:
>> 
>>  http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.11.y-queue
>> 
>> If you, or anyone else, feels it should not be added to this tree, please 
>> reply to this email.
>
> AFAICS lockref_mark_dead() isn't present in this tree so the bug the
> patch fixes isn't present.
>
> I don't think it will introduce a regression and will be there if the
> later lockref change is added at some point.
>
> So I guess it's your choice whether to keep it or not.
>  

Great, thanks for your review.  I'll just drop this patch from the
3.11 kernel queue.

Cheers,

Patch

diff --git a/fs/autofs4/root.c b/fs/autofs4/root.c
index 92ef341..2a69bde 100644
--- a/fs/autofs4/root.c
+++ b/fs/autofs4/root.c
@@ -179,7 +179,7 @@  static struct dentry *autofs4_lookup_active(struct dentry *dentry)
 		spin_lock(&active->d_lock);

 		/* Already gone? */
-		if (!d_count(active))
+		if ((int) d_count(active) <= 0)
 			goto next;

 		qstr = &active->d_name;
@@ -230,7 +230,7 @@  static struct dentry *autofs4_lookup_expiring(struct dentry *dentry)

 		spin_lock(&expiring->d_lock);

-		/* Bad luck, we've already been dentry_iput */
+		/* We've already been dentry_iput or unlinked */
 		if (!expiring->d_inode)
 			goto next;