Currently, there is a fallback with a WARN that uses down_read_trylock
as a safety measure for when there is no lock taken. The current
callsites expect a write lock to be taken. Moreover, the s_root field
is written to, which is not allowed under a read lock.
This code safety fallback should not be executed unless there is an
issue somewhere else.
The fix is to change the read lock to a write lock in the fallback.
Note:
I am currently working on a static analyser to detect missing locks
using type-based static analysis as my master's thesis
in order to obtain my master's degree.
If you would like to have more details, please let me know.
This was a reported case. I manually verified the report by looking
at the code, so that I do not send wrong information or patches.
After concluding that this seems to be a true positive, I created
this patch. I have both compile-tested this patch and runtime-tested
this patch on x86_64. The effect on a running system could be a
potential race condition in exceptional cases.
This issue was found on Linux v5.17.
Fixes: c636ebdb186bf ("VFS: Destroy the dentries contributed by a superblock on unmounting")
Signed-off-by: Niels Dossche <dossche.niels@xxxxxxxxx>
---
fs/dcache.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/dcache.c b/fs/dcache.c
index c84269c6e8bf..d81f5b9c2bce 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1692,7 +1692,7 @@ void shrink_dcache_for_umount(struct super_block *sb)
{
struct dentry *dentry;
- WARN(down_read_trylock(&sb->s_umount), "s_umount should've been locked");
+ WARN(down_write_trylock(&sb->s_umount), "s_umount should've been locked");
dentry = sb->s_root;
sb->s_root = NULL;
--
2.35.1
