On Thu, Mar 19, 2009 at 03:17:17PM +0000, David Woodhouse wrote: > > In 2.6.27, when nfs3svc_encode_entry_plus() calls lookup_one_len(), the > > i_mutex lock was acquired by vfs_readdir() and it was not a problem. > > > > After the commit (above), nfsd_readdir/nfsd_buffered_readdir/vfs_readdir > > calls nfsd_buffered_filldir(), and nfs3svc_encode_entry_plus() is called > > later. > > In this sequence, lookup_one_len() is called without i_mutex held. > > > > Isn't it a problem? > > Yes, well spotted. It didn't matter when the buffered readdir() was > purely internal to XFS, because it didn't matter there that we called > ->lookup() without i_mutex set. But now we're exposing arbitrary file > systems to it, we need to make sure we follow the locking rules. > > I _think_ it's sufficient to make the affected callers of > lookup_one_len() lock the parent's i_mutex for themselves before calling > it. I'll take a closer look... Should we also add this? --- Ensure inode is locked in lookup_one_len() Signed-off-by: Matthew Wilcox <willy@xxxxxxxxxxxxxxx> diff --git a/fs/namei.c b/fs/namei.c index bbc15c2..476b1d0 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1244,6 +1244,7 @@ struct dentry *lookup_one_len(const char *name, struct dentry *base, int len) int err; struct qstr this; + BUG_ON(!mutex_is_locked(&base->d_inode->i_mutex)); err = __lookup_one_len(name, &this, base, len); if (err) return ERR_PTR(err); -- Matthew Wilcox Intel Open Source Technology Centre "Bill, look, we understand that you're interested in selling us this operating system, but compare it to ours. We can't possibly take such a retrograde step." -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
