3.16.46-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: "Yan, Zheng" <zyan@xxxxxxxxxx> commit 8179a101eb5f4ef0ac9a915fcea9a9d3109efa90 upstream. ceph_set_acl() calls __ceph_setattr() if the setacl operation needs to modify inode's i_mode. __ceph_setattr() updates inode's i_mode, then calls posix_acl_chmod(). The problem is that __ceph_setattr() calls posix_acl_chmod() before sending the setattr request. The get_acl() call in posix_acl_chmod() can trigger a getxattr request. The reply of the getxattr request can restore inode's i_mode to its old value. The set_acl() call in posix_acl_chmod() sees old value of inode's i_mode, so it calls __ceph_setattr() again. Link: http://tracker.ceph.com/issues/19688 Reported-by: Jerry Lee <leisurelysw24@xxxxxxxxx> Signed-off-by: "Yan, Zheng" <zyan@xxxxxxxxxx> Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx> Tested-by: Luis Henriques <lhenriques@xxxxxxxx> Signed-off-by: Ilya Dryomov <idryomov@xxxxxxxxx> [bwh: Backported to 3.16: All the changes are made in ceph_setattr() as there is no __ceph_setattr() function.] Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> --- --- a/fs/ceph/inode.c +++ b/fs/ceph/inode.c @@ -1875,12 +1875,6 @@ int ceph_setattr(struct dentry *dentry, if (inode_dirty_flags) __mark_inode_dirty(inode, inode_dirty_flags); - if (ia_valid & ATTR_MODE) { - err = posix_acl_chmod(inode, attr->ia_mode); - if (err) - goto out_put; - } - if (mask) { req->r_inode = inode; ihold(inode); @@ -1893,12 +1887,16 @@ int ceph_setattr(struct dentry *dentry, ceph_cap_string(dirtied), mask); ceph_mdsc_put_request(req); - if (mask & CEPH_SETATTR_SIZE) + + if (err >= 0 && (mask & CEPH_SETATTR_SIZE)) __ceph_do_pending_vmtruncate(inode); + + if (err >= 0 && (attr->ia_valid & ATTR_MODE)) + err = posix_acl_chmod(inode, attr->ia_mode); + return err; out: spin_unlock(&ci->i_ceph_lock); -out_put: ceph_mdsc_put_request(req); return err; }