Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > IOW, all of those should be unconditional. Fair point. How about the attached, then? David --- commit 1aa76514c426150af429d111cec256e81729fa6f Author: David Howells <dhowells@xxxxxxxxxx> Date: Tue Jul 3 22:35:28 2018 +0100 vfs: Locking fix for sget_fc() In sget_fc(), don't drop the s_umount lock before calling destroy_unused_super() as that will drop the lock. Fixes: 8a2e54b8af88 ("vfs: Implement a filesystem superblock creation/configuration context") Reported-by: Eric Biggers <ebiggers3@xxxxxxxxx> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
diff --git a/fs/super.c b/fs/super.c
index 43400f5fa33a..dccd397751b1 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -516,19 +516,12 @@ struct super_block *sget_fc(struct fs_context *fc,
 continue;
 if (fc->user_ns != old->s_user_ns) {
 spin_unlock(&sb_lock);
- if (s) {
- up_write(&s->s_umount);
- destroy_unused_super(s);
- }
+ destroy_unused_super(s);
 return ERR_PTR(-EBUSY);
 }
 if (!grab_super(old))
 goto retry;
- if (s) {
- up_write(&s->s_umount);
- destroy_unused_super(s);
- s = NULL;
- }
+ destroy_unused_super(s);
 return old;
 }
 }
@@ -545,7 +538,6 @@ struct super_block *sget_fc(struct fs_context *fc,
 if (err) {
 s->s_fs_info = NULL;
 spin_unlock(&sb_lock);
- up_write(&s->s_umount);
 destroy_unused_super(s);
 return ERR_PTR(err);
 }
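Review bot: The two now-unconditional `destroy_unused_super(s)` calls in the first hunk can presumably be reached with `s == NULL` (the removed `if (s)` guards covered that case), so they depend on the callee accepting NULL as well as on it releasing `s_umount`; neither property is visible in this diff and should be confirmed against its definition. A caller-side `up_write()` before that call is exactly the lock imbalance being fixed here, so a one-line comment at the first call site would help keep it from being reintroduced: `/* destroy_unused_super() tolerates NULL and drops s->s_umount itself */`. The same lock-ownership contract applies to the `if (err)` path in the second hunk. sget_fc() begins and ends outside both hunks, so the allocation and retry paths could not be checked from here.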