path: root/lib/test_fortify/write_overflow-strncpy-src.c
author Mateusz Guzik <[email protected]> 2024-07-18 17:18:37 +0200
committer Christian Brauner <[email protected]> 2024-07-24 10:52:58 +0200
commit 5bc9ad78c2f836bd2fe9b5c911f8499364ee5b6e (patch)
tree 9235d52e214601db74141451460fe8a915ffa0c3 /lib/test_fortify/write_overflow-strncpy-src.c
parent fcad93360df4d04b172dba85b976c9f38ee0d5e0 (diff)
vfs: handle __wait_on_freeing_inode() and evict() race
Lockless hash lookup can find and lock the inode after it gets the I_FREEING flag set, at which point it blocks waiting for teardown in evict() to finish.

However, the flag is still set even after evict() wakes up all waiters.

This results in a race where if the inode lock is taken late enough, it can happen after both hash removal and wakeups, meaning there is nobody to wake the racing thread up.

This worked prior to RCU-based lookup because the entire ordeal was synchronized with the inode hash lock.

Since unhashing requires the inode lock, we can safely check whether it happened after acquiring it.

Link: https://lore.kernel.org/v9fs/[email protected]/
Reported-by: Dominique Martinet <[email protected]>
Fixes: 7180f8d91fcb ("vfs: add rcu-based find_inode variants for iget ops")
Signed-off-by: Mateusz Guzik <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Reviewed-by: Jan Kara <[email protected]>
Signed-off-by: Christian Brauner <[email protected]>
Diffstat (limited to 'lib/test_fortify/write_overflow-strncpy-src.c')
0 files changed, 0 insertions, 0 deletions