From f50b6f8691cae2e0064c499dd3ef3f31142987f0 Mon Sep 17 00:00:00 2001 From: Ian Kent Date: Tue, 20 Feb 2007 13:58:10 -0800 Subject: [PATCH] autofs4: fix another race between mount and expire Jeff Moyer has identified a race between mount and expire. What happens is that during an expire the situation can arise that a directory is removed and another lookup is done before the expire issues a completion status to the kernel module. In this case, since the the lookup gets a new dentry, it doesn't know that there is an expire in progress and when it posts its mount request, matches the existing expire request and waits for its completion. ENOENT is then returned to user space from lookup (as the dentry passed in is now unhashed) without having performed the mount request. The solution used here is to keep track of dentrys in this unhashed state and reuse them, if possible, in order to preserve the flags. Additionally, this infrastructure will provide the framework for the reintroduction of caching of mount fails removed earlier in development. Signed-off-by: Ian Kent Acked-by: Jeff Moyer Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/autofs4/root.c | 171 +++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 151 insertions(+), 20 deletions(-) (limited to 'fs/autofs4/root.c') diff --git a/fs/autofs4/root.c b/fs/autofs4/root.c index 47fee96c2182..47adf270106a 100644 --- a/fs/autofs4/root.c +++ b/fs/autofs4/root.c @@ -263,7 +263,7 @@ static int try_to_fill_dentry(struct dentry *dentry, int flags) */ status = d_invalidate(dentry); if (status != -EBUSY) - return -ENOENT; + return -EAGAIN; } DPRINTK("dentry=%p %.*s ino=%p", @@ -413,7 +413,16 @@ static int autofs4_revalidate(struct dentry *dentry, struct nameidata *nd) */ status = try_to_fill_dentry(dentry, flags); if (status == 0) - return 1; + return 1; + + /* + * A status of EAGAIN here means that the dentry has gone + * away while waiting for an expire to complete. If we are + * racing with expire lookup will wait for it so this must + * be a revalidate and we need to send it to lookup. + */ + if (status == -EAGAIN) + return 0; return status; } @@ -459,9 +468,18 @@ void autofs4_dentry_release(struct dentry *de) de->d_fsdata = NULL; if (inf) { + struct autofs_sb_info *sbi = autofs4_sbi(de->d_sb); + inf->dentry = NULL; inf->inode = NULL; + if (sbi) { + spin_lock(&sbi->rehash_lock); + if (!list_empty(&inf->rehash)) + list_del(&inf->rehash); + spin_unlock(&sbi->rehash_lock); + } + autofs4_free_ino(inf); } } @@ -478,10 +496,80 @@ static struct dentry_operations autofs4_dentry_operations = { .d_release = autofs4_dentry_release, }; +static struct dentry *autofs4_lookup_unhashed(struct autofs_sb_info *sbi, struct dentry *parent, struct qstr *name) +{ + unsigned int len = name->len; + unsigned int hash = name->hash; + const unsigned char *str = name->name; + struct list_head *p, *head; + + spin_lock(&dcache_lock); + spin_lock(&sbi->rehash_lock); + head = &sbi->rehash_list; + list_for_each(p, head) { + struct autofs_info *ino; + struct dentry *dentry; + struct qstr *qstr; + + ino = list_entry(p, struct autofs_info, rehash); + dentry = ino->dentry; + + spin_lock(&dentry->d_lock); + + /* Bad luck, we've already been dentry_iput */ + if (!dentry->d_inode) + goto next; + + qstr = &dentry->d_name; + + if (dentry->d_name.hash != hash) + goto next; + if (dentry->d_parent != parent) + goto next; + + if (qstr->len != len) + goto next; + if (memcmp(qstr->name, str, len)) + goto next; + + if (d_unhashed(dentry)) { + struct autofs_info *ino = autofs4_dentry_ino(dentry); + struct inode *inode = dentry->d_inode; + + list_del_init(&ino->rehash); + dget(dentry); + /* + * Make the rehashed dentry negative so the VFS + * behaves as it should. + */ + if (inode) { + dentry->d_inode = NULL; + list_del_init(&dentry->d_alias); + spin_unlock(&dentry->d_lock); + spin_unlock(&sbi->rehash_lock); + spin_unlock(&dcache_lock); + iput(inode); + return dentry; + } + spin_unlock(&dentry->d_lock); + spin_unlock(&sbi->rehash_lock); + spin_unlock(&dcache_lock); + return dentry; + } +next: + spin_unlock(&dentry->d_lock); + } + spin_unlock(&sbi->rehash_lock); + spin_unlock(&dcache_lock); + + return NULL; +} + /* Lookups in the root directory */ static struct dentry *autofs4_lookup(struct inode *dir, struct dentry *dentry, struct nameidata *nd) { struct autofs_sb_info *sbi; + struct dentry *unhashed; int oz_mode; DPRINTK("name = %.*s", @@ -497,25 +585,46 @@ static struct dentry *autofs4_lookup(struct inode *dir, struct dentry *dentry, s DPRINTK("pid = %u, pgrp = %u, catatonic = %d, oz_mode = %d", current->pid, process_group(current), sbi->catatonic, oz_mode); - /* - * Mark the dentry incomplete, but add it. This is needed so - * that the VFS layer knows about the dentry, and we can count - * on catching any lookups through the revalidate. - * - * Let all the hard work be done by the revalidate function that - * needs to be able to do this anyway.. - * - * We need to do this before we release the directory semaphore. - */ - dentry->d_op = &autofs4_root_dentry_operations; + unhashed = autofs4_lookup_unhashed(sbi, dentry->d_parent, &dentry->d_name); + if (!unhashed) { + /* + * Mark the dentry incomplete, but add it. This is needed so + * that the VFS layer knows about the dentry, and we can count + * on catching any lookups through the revalidate. + * + * Let all the hard work be done by the revalidate function that + * needs to be able to do this anyway.. + * + * We need to do this before we release the directory semaphore. + */ + dentry->d_op = &autofs4_root_dentry_operations; + + dentry->d_fsdata = NULL; + d_add(dentry, NULL); + } else { + struct autofs_info *ino = autofs4_dentry_ino(unhashed); + DPRINTK("rehash %p with %p", dentry, unhashed); + /* + * If we are racing with expire the request might not + * be quite complete but the directory has been removed + * so it must have been successful, so just wait for it. + */ + if (ino && (ino->flags & AUTOFS_INF_EXPIRING)) { + DPRINTK("wait for incomplete expire %p name=%.*s", + unhashed, unhashed->d_name.len, + unhashed->d_name.name); + autofs4_wait(sbi, unhashed, NFY_NONE); + DPRINTK("request completed"); + } + d_rehash(unhashed); + dentry = unhashed; + } if (!oz_mode) { spin_lock(&dentry->d_lock); dentry->d_flags |= DCACHE_AUTOFS_PENDING; spin_unlock(&dentry->d_lock); } - dentry->d_fsdata = NULL; - d_add(dentry, NULL); if (dentry->d_op && dentry->d_op->d_revalidate) { mutex_unlock(&dir->i_mutex); @@ -534,6 +643,8 @@ static struct dentry *autofs4_lookup(struct inode *dir, struct dentry *dentry, s if (sigismember (sigset, SIGKILL) || sigismember (sigset, SIGQUIT) || sigismember (sigset, SIGINT)) { + if (unhashed) + dput(unhashed); return ERR_PTR(-ERESTARTNOINTR); } } @@ -548,8 +659,14 @@ static struct dentry *autofs4_lookup(struct inode *dir, struct dentry *dentry, s * doesn't do the right thing for all system calls, but it should * be OK for the operations we permit from an autofs. */ - if (dentry->d_inode && d_unhashed(dentry)) + if (dentry->d_inode && d_unhashed(dentry)) { + if (unhashed) + dput(unhashed); return ERR_PTR(-ENOENT); + } + + if (unhashed) + return dentry; return NULL; } @@ -611,9 +728,10 @@ static int autofs4_dir_symlink(struct inode *dir, * Normal filesystems would do a "d_delete()" to tell the VFS dcache * that the file no longer exists. However, doing that means that the * VFS layer can turn the dentry into a negative dentry. We don't want - * this, because since the unlink is probably the result of an expire. - * We simply d_drop it, which allows the dentry lookup to remount it - * if necessary. + * this, because the unlink is probably the result of an expire. + * We simply d_drop it and add it to a rehash candidates list in the + * super block, which allows the dentry lookup to reuse it retaining + * the flags, such as expire in progress, in case we're racing with expire. * * If a process is blocked on the dentry waiting for the expire to finish, * it will invalidate the dentry and try to mount with a new one. @@ -642,7 +760,14 @@ static int autofs4_dir_unlink(struct inode *dir, struct dentry *dentry) dir->i_mtime = CURRENT_TIME; - d_drop(dentry); + spin_lock(&dcache_lock); + spin_lock(&sbi->rehash_lock); + list_add(&ino->rehash, &sbi->rehash_list); + spin_unlock(&sbi->rehash_lock); + spin_lock(&dentry->d_lock); + __d_drop(dentry); + spin_unlock(&dentry->d_lock); + spin_unlock(&dcache_lock); return 0; } @@ -653,6 +778,9 @@ static int autofs4_dir_rmdir(struct inode *dir, struct dentry *dentry) struct autofs_info *ino = autofs4_dentry_ino(dentry); struct autofs_info *p_ino; + DPRINTK("dentry %p, removing %.*s", + dentry, dentry->d_name.len, dentry->d_name.name); + if (!autofs4_oz_mode(sbi)) return -EACCES; @@ -661,6 +789,9 @@ static int autofs4_dir_rmdir(struct inode *dir, struct dentry *dentry) spin_unlock(&dcache_lock); return -ENOTEMPTY; } + spin_lock(&sbi->rehash_lock); + list_add(&ino->rehash, &sbi->rehash_list); + spin_unlock(&sbi->rehash_lock); spin_lock(&dentry->d_lock); __d_drop(dentry); spin_unlock(&dentry->d_lock); -- cgit From c9ffec48487849bc277de662a6c29aad64653b99 Mon Sep 17 00:00:00 2001 From: Ian Kent Date: Tue, 20 Feb 2007 13:58:10 -0800 Subject: [PATCH] autofs4: check for directory re-create in lookup This problem was identified and fixed some time ago by Jeff Moyer but it fell through the cracks somehow. It is possible that a user space application could remove and re-create a directory during a request. To avoid returning a failure from lookup incorrectly when our current dentry is unhashed we need to check if another positive, hashed dentry matching this one exists and if so return it instead of a fail. Signed-off-by: Jeff Moyer Signed-off-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/autofs4/root.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) (limited to 'fs/autofs4/root.c') diff --git a/fs/autofs4/root.c b/fs/autofs4/root.c index 47adf270106a..b4631046867e 100644 --- a/fs/autofs4/root.c +++ b/fs/autofs4/root.c @@ -655,14 +655,29 @@ static struct dentry *autofs4_lookup(struct inode *dir, struct dentry *dentry, s /* * If this dentry is unhashed, then we shouldn't honour this - * lookup even if the dentry is positive. Returning ENOENT here - * doesn't do the right thing for all system calls, but it should - * be OK for the operations we permit from an autofs. + * lookup. Returning ENOENT here doesn't do the right thing + * for all system calls, but it should be OK for the operations + * we permit from an autofs. */ if (dentry->d_inode && d_unhashed(dentry)) { + /* + * A user space application can (and has done in the past) + * remove and re-create this directory during the callback. + * This can leave us with an unhashed dentry, but a + * successful mount! So we need to perform another + * cached lookup in case the dentry now exists. + */ + struct dentry *parent = dentry->d_parent; + struct dentry *new = d_lookup(parent, &dentry->d_name); + if (new != NULL) + dentry = new; + else + dentry = ERR_PTR(-ENOENT); + if (unhashed) dput(unhashed); - return ERR_PTR(-ENOENT); + + return dentry; } if (unhashed) -- cgit From c3724b129b5a1a1789a2dc5348685a236ae02479 Mon Sep 17 00:00:00 2001 From: Jeff Mahoney Date: Wed, 11 Apr 2007 23:28:46 -0700 Subject: [PATCH] autofs4: fix race in unhashed dentry code Commit f50b6f8691cae2e0064c499dd3ef3f31142987f0 introduced a race in autofs4 between autofs_lookup_unhashed() and autofs_dentry_release(). autofs_dentry_release() ends up clearing the ->dentry and ->inode members of autofs_info before removing it from the rehash list. The list is protected by the rehash lock in both functions, but since autofs_dentry_release() starts tearing the autofs_info struct down before removing it from the list, autofs_lookup_unhashed() can get a autofs_info with a NULL dentry. This patch moves the clearing of ->dentry and ->inode after the removal from the rehash list. Signed-off-by: Jeff Mahoney Acked-by: Ian Kent Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/autofs4/root.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'fs/autofs4/root.c') diff --git a/fs/autofs4/root.c b/fs/autofs4/root.c index b4631046867e..d0e9b3a3905d 100644 --- a/fs/autofs4/root.c +++ b/fs/autofs4/root.c @@ -470,9 +470,6 @@ void autofs4_dentry_release(struct dentry *de) if (inf) { struct autofs_sb_info *sbi = autofs4_sbi(de->d_sb); - inf->dentry = NULL; - inf->inode = NULL; - if (sbi) { spin_lock(&sbi->rehash_lock); if (!list_empty(&inf->rehash)) @@ -480,6 +477,9 @@ void autofs4_dentry_release(struct dentry *de) spin_unlock(&sbi->rehash_lock); } + inf->dentry = NULL; + inf->inode = NULL; + autofs4_free_ino(inf); } } -- cgit