[PATCH] d_move() vs d_unhashed() race: retry under d_lock

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Goldwyn Rodrigues <rgoldwyn@xxxxxxxx>

This is a follow-up of Alexey's patch at
https://patchwork.kernel.org/patch/9455345/
with suggestions proposed by Al Viro.

d_move() and d_unhashed() may race because there is a small window
where the dentry is unhashed. This may result in ENOENT (for getcwd).
This must be checked under d_lock. However, in order to keep the fast
path, perform the d_unhashed without d_lock first, and in the unlikely
event that it succeeds, perform the check again under d_lock.

Here is the test case which demonstrates the problem:

void *thread_main(void *unused)
{
	int rc;

	for (;;) {
		rc = rename("/tmp/t-a", "/tmp/t-b");
		assert(rc == 0);
		rc = rename("/tmp/t-b", "/tmp/t-a");
		assert(rc == 0);
	}

	return NULL;
}

int main(void)
{
	int rc, i;
	pthread_t ptt;

	rmdir("/tmp/t-a");
	rmdir("/tmp/t-b");

	rc = mkdir("/tmp/t-a", 0666);
	assert(rc == 0);

	rc = chdir("/tmp/t-a");
	assert(rc == 0);

	rc = pthread_create(&ptt, NULL, thread_main, NULL);
	assert(rc == 0);

	for (i = 0;; i++) {
		char buf[100], *b;
		b = getcwd(buf, sizeof(buf));
		if (b == NULL) {
			printf("getcwd failed on iter %d with %d\n", i,
					errno);
			break;
		}
	}

	return 0;
}

Signed-off-by: Goldwyn Rodrigues <rgoldwyn@xxxxxxxx>
---
 fs/dcache.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/fs/dcache.c b/fs/dcache.c
index f90141387f01..ebda7e20ae86 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -3224,6 +3224,18 @@ char *d_absolute_path(const struct path *path,
 	return res;
 }
 
+static inline bool d_unhashed_safe(struct dentry *dentry)
+{
+        bool ret = d_unhashed(dentry);
+        if (unlikely(ret)) {
+                /* retry under d_lock */
+                spin_lock(&dentry->d_lock);
+                ret = d_unhashed(dentry);
+                spin_unlock(&dentry->d_lock);
+        }
+        return ret;
+}
+
 /*
  * same as __d_path but appends "(deleted)" for unlinked files.
  */
@@ -3232,7 +3244,7 @@ static int path_with_deleted(const struct path *path,
 			     char **buf, int *buflen)
 {
 	prepend(buf, buflen, "\0", 1);
-	if (d_unlinked(path->dentry)) {
+	if (d_unhashed_safe(path->dentry)) {
 		int error = prepend(buf, buflen, " (deleted)", 10);
 		if (error)
 			return error;
@@ -3396,7 +3408,7 @@ char *dentry_path(struct dentry *dentry, char *buf, int buflen)
 	char *p = NULL;
 	char *retval;
 
-	if (d_unlinked(dentry)) {
+	if (d_unhashed_safe(dentry)) {
 		p = buf + buflen;
 		if (prepend(&p, &buflen, "//deleted", 10) != 0)
 			goto Elong;
@@ -3453,7 +3465,7 @@ SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size)
 	get_fs_root_and_pwd_rcu(current->fs, &root, &pwd);
 
 	error = -ENOENT;
-	if (!d_unlinked(pwd.dentry)) {
+	if (!d_unhashed_safe(pwd.dentry)) {
 		unsigned long len;
 		char *cwd = page + PATH_MAX;
 		int buflen = PATH_MAX;
-- 
2.14.1




[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux