Al Viro <viro@xxxxxxxxxxxxxxxxxx> writes:
> On Tue, Oct 15, 2013 at 01:16:48PM -0700, Eric W. Biederman wrote:
>
>> int vfs_rmdir(struct inode *dir, struct dentry *dentry)
>> {
>> int error = may_delete(dir, dentry, 1);
>> @@ -3622,6 +3636,9 @@ retry:
>> error = -ENOENT;
>> goto exit3;
>> }
>> + error = -EBUSY;
>> + if (covered(nd.path.mnt, dentry))
>> + goto exit3;
>
> Ugh... And it's not racy because of...? IOW, what's to keep the return
> value of covered() from getting obsolete just as it's being calculated,
> let alone returned?
I have been fighting a cold off and on so I have been taking much longer
to dig through all of these issues than I would like.
Aftering having thought through all of the issues I completely agree
that this is a racy bug that needs to be fixed.
The fix needs to be holding i_mutex of the parent directory in do_mount,
and pivot_root.
We need to hold i_mutex in do_mount and pivot_root not because of this
issue but to prevent mount points being renamed before we mount on them.
With todays kernel because of races between when we lookup a mount point
and when we take locks, and which locks we take. When mount(2) returns
the mount point can be located anywhere. Which completely defeats
returning -EBUSY mount points from a userspace semantics perspective.
I was really hoping I could think through this and say that this was a
trivial issue that would allow my patches to be good for 3.13. But that
is clearly not the case. kern_path_locked(...,LOOKUP_FOLLOW,...) is
non-trivial to implement, and there are issues like having to move
get_fs_type before we take any locks to prevent deadlocks.
I almost have the issues worked through, so hopefully I can send a
rebased set of patches in a few days.
Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
