q3k/linux
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux/fs
History
J. Bruce Fields 7732a557b1 vfs: stop d_splice_alias creating directory aliases 
A directory should never have more than one dentry pointing to it.

But d_splice_alias() will add one if it finds a directory with an
already-existing non-DISCONNECTED dentry.

I can't find an obvious reproducer, but I also can't see what prevents
d_splice_alias() from encountering such a case.

It therefore seems safest to allow d_splice_alias to use any dentry it
finds.

(Prior to the removal of dentry_unhash() from vfs_rmdir(), around v3.0,
this could cause an nfsd deadlock like this:

	- Somebody attempts to remove a non-empty directory.
	- The dentry_unhash() in vfs_rmdir() unhashes the dentry
	  pointing to the non-empty directory.
	- ->rmdir() then fails with -ENOTEMPTY
	- Before the vfs_rmdir() caller reaches dput(), an nfsd process
	  in rename looks up the directory by filehandle; at the end of
	  that lookup, this dentry is found by d_alloc_anon(), and a
	  reference is taken on it, preventing dput() from removing it.
	- A regular lookup of the directory calls d_splice_alias(),
	  finds only an unhashed (not a DISCONNECTED) dentry, and
	  insteads adds a new one, so the directory now has two
	  dentries.
	- The nfsd process in rename, which was previously looking up
	  the source directory of the rename, now looks up the target
	  directory (which is the same), and gets the dentry newly
	  created by the previous lookup.
	- The rename, seeing two different dentries, assumes this is a
	  cross-directory rename and attempts to take the i_mutex on the
	  directory twice.

That reproducer no longer exists, but I don't think there was anything
fundamentally incorrect about the vfs_rmdir() behavior there, so I think
the real fault was here in d_splice_alias().)

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2012-05-30 21:04:54 -04:00
..
9p kill v9fs_dentry_from_dir_inode() 2012-05-29 23:28:34 -04:00
adfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
affs affs: bury unused macros 2012-05-29 23:28:34 -04:00
afs vfs: Rename end_writeback() to clear_inode() 2012-05-06 13:43:41 +08:00
autofs4 avoid iput() from flusher thread 2012-05-28 09:54:45 -07:00
befs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
bfs vfs: Rename end_writeback() to clear_inode() 2012-05-06 13:43:41 +08:00
btrfs btrfs: trivial endianness annotations 2012-05-29 23:28:35 -04:00
cachefiles switch touch_atime to struct path 2012-03-20 21:29:41 -04:00
ceph ceph: move encode_fh to new API 2012-05-29 23:28:33 -04:00
cifs Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 2012-05-29 12:42:10 -07:00
coda vfs: Rename end_writeback() to clear_inode() 2012-05-06 13:43:41 +08:00
configfs make configfs_pin_fs() return root dentry on success 2012-03-20 21:29:48 -04:00
cramfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
debugfs debugfs: Add support to print u32 array in debugfs 2012-04-17 00:18:36 -04:00
devpts userns: Convert devpts to use kuid/kgid where appropriate 2012-05-15 14:59:26 -07:00
dlm dlm: NULL dereference on failure in kmem_cache_create() 2012-05-15 10:39:28 -05:00
ecryptfs get rid of pointless allocations and copying in ecryptfs_follow_link() 2012-05-29 23:28:40 -04:00
efs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
exofs Merge branch 'for-linus' of git://git.open-osd.org/linux-open-osd 2012-05-28 13:10:41 -07:00
exportfs ->encode_fh() API change 2012-05-29 23:28:33 -04:00
ext2 avoid iput() from flusher thread 2012-05-28 09:54:45 -07:00
ext3 avoid iput() from flusher thread 2012-05-28 09:54:45 -07:00
ext4 avoid iput() from flusher thread 2012-05-28 09:54:45 -07:00
fat ->encode_fh() API change 2012-05-29 23:28:33 -04:00
freevxfs vfs: Rename end_writeback() to clear_inode() 2012-05-06 13:43:41 +08:00
fscache
fuse ->encode_fh() API change 2012-05-29 23:28:33 -04:00
gfs2 ->encode_fh() API change 2012-05-29 23:28:33 -04:00
hfs vfs: Rename end_writeback() to clear_inode() 2012-05-06 13:43:41 +08:00
hfsplus avoid iput() from flusher thread 2012-05-28 09:54:45 -07:00
hostfs vfs: Rename end_writeback() to clear_inode() 2012-05-06 13:43:41 +08:00
hpfs hpfs: assorted endianness annotations 2012-05-29 23:28:39 -04:00
hppfs vfs: Rename end_writeback() to clear_inode() 2012-05-06 13:43:41 +08:00
hugetlbfs avoid iput() from flusher thread 2012-05-28 09:54:45 -07:00
isofs ->encode_fh() API change 2012-05-29 23:28:33 -04:00
jbd jbd: Write journal superblock with WRITE_FUA after checkpointing 2012-05-15 23:34:37 +02:00
jbd2 jbd2: use GFP_NOFS for blkdev_issue_flush 2012-04-23 21:43:41 -04:00
jffs2 jffs2: get rid of jffs2_sync_super 2012-05-30 21:04:52 -04:00
jfs vfs: Rename end_writeback() to clear_inode() 2012-05-06 13:43:41 +08:00
lockd lockd: fix the endianness bug 2012-04-13 13:50:52 -04:00
logfs vfs: Rename end_writeback() to clear_inode() 2012-05-06 13:43:41 +08:00
minix vfs: Rename end_writeback() to clear_inode() 2012-05-06 13:43:41 +08:00
ncpfs get rid of idiotic misplaced __kernel_mode_t in ncfps kernel-private data structure 2012-05-29 23:28:42 -04:00
nfs NFS client updates for Linux 3.5 2012-05-29 10:43:51 -07:00
nfs_common
nfsd Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-05-23 17:42:39 -07:00
nilfs2 ->encode_fh() API change 2012-05-29 23:28:33 -04:00
nls
notify fsnotify: remove unused parameter from send_to_group() 2012-05-30 21:04:53 -04:00
ntfs vfs: Rename end_writeback() to clear_inode() 2012-05-06 13:43:41 +08:00
ocfs2 ocfs: simplify symlink handling 2012-05-29 23:28:40 -04:00
omfs vfs: Rename end_writeback() to clear_inode() 2012-05-06 13:43:41 +08:00
openpromfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
proc avoid iput() from flusher thread 2012-05-28 09:54:45 -07:00
pstore avoid iput() from flusher thread 2012-05-28 09:54:45 -07:00
qnx4 qnx4: new helper - try_extent() 2012-03-20 21:29:52 -04:00
qnx6 fs: initial qnx6fs addition 2012-03-20 21:29:38 -04:00
quota quota: Get rid of nested I_MUTEX_QUOTA locking subclass 2012-05-15 23:34:39 +02:00
ramfs tidy up after d_make_root() conversion 2012-03-20 21:29:37 -04:00
reiserfs ->encode_fh() API change 2012-05-29 23:28:33 -04:00
romfs MTD merge for 3.4 2012-03-30 17:31:56 -07:00
squashfs Add an extra mount time sanity check, plus some code cleanups and bug fixes. 2012-03-28 18:05:54 -07:00
sysfs avoid iput() from flusher thread 2012-05-28 09:54:45 -07:00
sysv vfs: Rename end_writeback() to clear_inode() 2012-05-06 13:43:41 +08:00
ubifs ubifs: use generic_fillattr() 2012-05-29 23:28:32 -04:00
udf ->encode_fh() API change 2012-05-29 23:28:33 -04:00
ufs avoid iput() from flusher thread 2012-05-28 09:54:45 -07:00
xfs ->encode_fh() API change 2012-05-29 23:28:33 -04:00
aio.c vfs: make AIO use the proper rw_verify_area() area helpers 2012-05-21 16:06:20 -07:00
anon_inodes.c anon_inodes: move allocation of anon_inode into ->mount() 2012-03-20 21:29:45 -04:00
attr.c vfs: increment iversion when a file is truncated 2012-05-30 21:04:53 -04:00
bad_inode.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
binfmt_aout.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
binfmt_elf.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-05-23 17:42:39 -07:00
binfmt_elf_fdpic.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-05-23 17:42:39 -07:00
binfmt_em86.c __register_binfmt() made void 2012-03-20 21:29:46 -04:00
binfmt_flat.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
binfmt_misc.c vfs: Rename end_writeback() to clear_inode() 2012-05-06 13:43:41 +08:00
binfmt_script.c __register_binfmt() made void 2012-03-20 21:29:46 -04:00
binfmt_som.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
bio-integrity.c fs: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:21 +08:00
bio.c bio allocation failure due to bio_get_nr_vecs() 2012-05-11 16:45:12 +02:00
block_dev.c avoid iput() from flusher thread 2012-05-28 09:54:45 -07:00
buffer.c fs: Move bh_cachep to the __read_mostly section 2012-05-30 21:04:52 -04:00
char_dev.c
compat.c switch readdir/getdents to fget_light/fput_light 2012-05-29 23:28:29 -04:00
compat_binfmt_elf.c
compat_ioctl.c The following text was taken from the original review request: 2012-03-24 10:24:31 -07:00
dcache.c vfs: stop d_splice_alias creating directory aliases 2012-05-30 21:04:54 -04:00
dcookies.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
direct-io.c Restore direct_io / truncate locking API 2012-02-23 15:56:21 -08:00
drop_caches.c
eventfd.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
eventpoll.c epoll: Fix user space breakage related to EPOLLWAKEUP 2012-05-22 20:57:06 +02:00
exec.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-05-23 17:42:39 -07:00
fcntl.c switch fcntl to fget_raw_light/fput_light 2012-05-29 23:28:30 -04:00
fhandle.c
fifo.c
file.c Merge branch 'x86-x32-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-03-29 18:12:23 -07:00
file_table.c brlocks/lglocks: API cleanups 2012-05-29 23:28:41 -04:00
filesystems.c
fs-writeback.c writeback: Avoid iput() from flusher thread 2012-05-06 13:43:41 +08:00
fs_struct.c The following text was taken from the original review request: 2012-03-24 10:24:31 -07:00
generic_acl.c
inode.c fs: move file_remove_suid() to fs/inode.c 2012-05-30 21:04:52 -04:00
internal.h brlocks/lglocks: turn into functions 2012-05-29 23:28:41 -04:00
ioctl.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
ioprio.c userns: Use uid_eq gid_eq helpers when comparing kuids and kgids in the vfs 2012-05-03 03:29:34 -07:00
Kconfig Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
Kconfig.binfmt C6X: add support to build with BINFMT_ELF_FDPIC 2012-05-15 09:17:34 -04:00
libfs.c vfs: make it possible to access the dentry hash/len as one 64-bit entry 2012-05-10 19:54:35 -07:00
locks.c switch flock to fget_light/fput_light 2012-05-29 23:28:31 -04:00
Makefile fs: initial qnx6fs addition 2012-03-20 21:29:38 -04:00
mbcache.c
mount.h
mpage.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
namei.c brlocks/lglocks: API cleanups 2012-05-29 23:28:41 -04:00
namespace.c brlocks/lglocks: API cleanups 2012-05-29 23:28:41 -04:00
no-block.c
open.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-05-23 17:42:39 -07:00
pipe.c pipes: add a "packetized pipe" mode for writing 2012-04-29 13:12:42 -07:00
pnode.c brlocks/lglocks: API cleanups 2012-05-29 23:28:41 -04:00
pnode.h
posix_acl.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
proc_namespace.c brlocks/lglocks: API cleanups 2012-05-29 23:28:41 -04:00
read_write.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
read_write.h
readdir.c switch readdir/getdents to fget_light/fput_light 2012-05-29 23:28:29 -04:00
select.c Merge branch 'x86-x32-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-03-29 18:12:23 -07:00
seq_file.c The following text was taken from the original review request: 2012-03-24 10:24:31 -07:00
signalfd.c switch signalfd4() to fget_light/fput_light 2012-05-29 23:28:30 -04:00
splice.c tcp: tcp_sendpages() should call tcp_push() once 2012-04-05 19:04:27 -04:00
stack.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
stat.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-05-23 17:42:39 -07:00
statfs.c switch statfs to fget_light/fput_light 2012-05-29 23:28:31 -04:00
super.c The following text was taken from the original review request: 2012-03-24 10:24:31 -07:00
sync.c switch do_fsync() to fget_light() 2012-05-29 23:28:29 -04:00
timerfd.c
utimes.c switch utimes() to fget_light/fput_light 2012-05-29 23:28:32 -04:00
xattr.c switch xattr syscalls to fget_light/fput_light 2012-05-29 23:28:30 -04:00
xattr_acl.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00