kernel-ark/fs
NeilBrown 21c0d8fdd9 [PATCH] knfsd: close a race-opportunity in d_splice_alias
There is a possible race in d_splice_alias.  Though __d_find_alias(inode, 1)
will only return a dentry with DCACHE_DISCONNECTED set, it is possible for it
to get cleared before the BUG_ON, and it is is not possible to lock against
that.

There are a couple of problems here.  Firstly, the code doesn't match the
comment.  The comment describes a 'disconnected' dentry as being IS_ROOT as
well as DCACHE_DISCONNECTED, however there is not testing of IS_ROOT anythere.

A dentry is marked DCACHE_DISCONNECTED when allocated with d_alloc_anon, and
remains DCACHE_DISCONNECTED while a path is built up towards the root.  So a
dentry can have a valid name and a valid parent and even grandparent, but will
still be DCACHE_DISCONNECTED until a path to the root is created.  Once the
path to the root is complete, everything in the path gets DCACHE_DISCONNECTED
cleared.  So the fact that DCACHE_DISCONNECTED isn't enough to say that a
dentry is free to be spliced in with a given name.  This can only be allowed
if the dentry does not yet have a name, so the IS_ROOT test is needed too.

However even adding that test to __d_find_alias isn't enough.  As
d_splice_alias drops dcache_lock before calling d_move to perform the splice,
it could race with another thread calling d_splice_alias to splice the inode
in with a different name in a different part of the tree (in the case where a
file has hard links).  So that splicing code is only really safe for
directories (as we know that directories only have one link).  For
directories, the caller of d_splice_alias will be holding i_mutex on the
(unique) parent so there is no room for a race.

A consequence of this is that a non-directory will never benefit from being
spliced into a pre-exisiting dentry, but that isn't a problem.  It is
perfectly OK for a non-directory to have multiple dentries, some anonymous,
some not.  And the comment for d_splice_alias says that it only happens for
directories anyway.

Signed-off-by: Neil Brown <neilb@suse.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dipankar Sarma <dipankar@in.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-10-04 07:55:21 -07:00
..
9p [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
adfs [PATCH] Streamline generic_file_* interfaces and filemap cleanups 2006-10-01 00:39:28 -07:00
affs [PATCH] Streamline generic_file_* interfaces and filemap cleanups 2006-10-01 00:39:28 -07:00
afs [PATCH] VFS: Make filldir_t and struct kstat deal in 64-bit inode numbers 2006-10-03 08:03:40 -07:00
autofs [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
autofs4 [PATCH] r/o bind mounts: monitor zeroing of i_nlink 2006-10-01 00:39:30 -07:00
befs fix file specification in comments 2006-10-03 23:01:26 +02:00
bfs [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
cifs Still more typo fixes 2006-10-03 22:36:44 +02:00
coda [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
configfs [PATCH] pr_debug: configfs: use size_t length modifier in pr_debug format argument 2006-10-03 08:04:19 -07:00
cramfs [PATCH] cramfs: make cramfs_uncompress_exit() return void 2006-09-29 09:18:20 -07:00
debugfs debugfs: spelling fix 2006-10-03 23:28:36 +02:00
devpts
efs
exportfs [PATCH] VFS: Make filldir_t and struct kstat deal in 64-bit inode numbers 2006-10-03 08:03:40 -07:00
ext2 [PATCH] r/o bind mounts: unlink: monitor i_nlink 2006-10-01 00:39:30 -07:00
ext3 [PATCH] r/o bind mounts: monitor zeroing of i_nlink 2006-10-01 00:39:30 -07:00
fat [PATCH] VFS: Make filldir_t and struct kstat deal in 64-bit inode numbers 2006-10-03 08:03:40 -07:00
freevxfs [PATCH] freevxfs: fix leak on error path 2006-09-29 09:18:20 -07:00
fuse [PATCH] r/o bind mounts: monitor zeroing of i_nlink 2006-10-01 00:39:30 -07:00
hfs [PATCH] r/o bind mounts: monitor zeroing of i_nlink 2006-10-01 00:39:30 -07:00
hfsplus fix file specification in comments 2006-10-03 23:01:26 +02:00
hostfs [PATCH] Streamline generic_file_* interfaces and filemap cleanups 2006-10-01 00:39:28 -07:00
hpfs [PATCH] r/o bind mounts: monitor zeroing of i_nlink 2006-10-01 00:39:30 -07:00
hppfs
hugetlbfs [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
isofs
jbd fix file specification in comments 2006-10-03 23:01:26 +02:00
jffs [PATCH] r/o bind mounts: unlink: monitor i_nlink 2006-10-01 00:39:30 -07:00
jffs2 [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
jfs JFS: White space cleanup 2006-10-02 09:55:27 -05:00
lockd [PATCH] knfsd: lockd: fix refount on nsm 2006-10-04 07:55:20 -07:00
minix [PATCH] r/o bind mounts: unlink: monitor i_nlink 2006-10-01 00:39:30 -07:00
msdos [PATCH] r/o bind mounts: monitor zeroing of i_nlink 2006-10-01 00:39:30 -07:00
ncpfs [PATCH] Move ncpfs 32bit compat ioctl to ncpfs 2006-10-01 00:39:23 -07:00
nfs [PATCH] namespaces: utsname: switch to using uts namespaces 2006-10-02 07:57:21 -07:00
nfs_common
nfsd [PATCH] knfsd: fix auto-sizing of nfsd request/reply buffers 2006-10-04 07:55:21 -07:00
nls fix file specification in comments 2006-10-03 23:01:26 +02:00
ntfs [PATCH] Streamline generic_file_* interfaces and filemap cleanups 2006-10-01 00:39:28 -07:00
ocfs2 [PATCH] r/o bind mounts: clean up OCFS2 nlink handling 2006-10-01 00:39:30 -07:00
openpromfs
partitions [PATCH] fs/partitions: Conversion to generic boolean 2006-10-01 00:39:19 -07:00
proc [PATCH] introduce get_task_pid() to fix unsafe get_pid() 2006-10-02 07:57:25 -07:00
qnx4 [PATCH] r/o bind mounts: monitor zeroing of i_nlink 2006-10-01 00:39:30 -07:00
ramfs [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
reiserfs [PATCH] Remove unnecessary check in fs/reiserfs/inode.c 2006-10-04 07:55:14 -07:00
romfs
smbfs [PATCH] Streamline generic_file_* interfaces and filemap cleanups 2006-10-01 00:39:28 -07:00
sysfs [PATCH] pr_debug: sysfs: use size_t length modifier in pr_debug format arguments 2006-10-03 08:04:19 -07:00
sysv [PATCH] r/o bind mounts: unlink: monitor i_nlink 2006-10-01 00:39:30 -07:00
udf [PATCH] r/o bind mounts: monitor zeroing of i_nlink 2006-10-01 00:39:30 -07:00
ufs [PATCH] r/o bind mounts: unlink: monitor i_nlink 2006-10-01 00:39:30 -07:00
vfat [PATCH] r/o bind mounts: monitor zeroing of i_nlink 2006-10-01 00:39:30 -07:00
xfs BUG_ON conversion for fs/xfs/ 2006-10-03 23:37:55 +02:00
aio.c [PATCH] pr_debug: aio: use size_t length modifier in pr_debug format arguments 2006-10-03 08:04:19 -07:00
attr.c
bad_inode.c [PATCH] Remove readv/writev methods and use aio_read/aio_write instead 2006-10-01 00:39:28 -07:00
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c [PATCH] Support piping into commands in /proc/sys/kernel/core_pattern 2006-10-01 00:39:33 -07:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio.c [PATCH] Update axboe@suse.de email address 2006-09-30 20:52:34 +02:00
block_dev.c [PATCH] Streamline generic_file_* interfaces and filemap cleanups 2006-10-01 00:39:28 -07:00
buffer.c [PATCH] BLOCK: Move functions out of buffer code [try #6] 2006-09-30 20:31:19 +02:00
char_dev.c [PATCH] BLOCK: Move extern declarations out of fs/*.c into header files [try #6] 2006-09-30 20:52:18 +02:00
compat_ioctl.c [PATCH] Move ncpfs 32bit compat ioctl to ncpfs 2006-10-01 00:39:23 -07:00
compat.c [PATCH] VFS: Make filldir_t and struct kstat deal in 64-bit inode numbers 2006-10-03 08:03:40 -07:00
dcache.c [PATCH] knfsd: close a race-opportunity in d_splice_alias 2006-10-04 07:55:21 -07:00
dcookies.c
direct-io.c
dnotify.c [PATCH] file: modify struct fown_struct to use a struct pid 2006-10-02 07:57:14 -07:00
dquot.c
drop_caches.c
eventpoll.c [PATCH] fs/eventpoll: error handling micro-cleanup 2006-10-03 08:03:41 -07:00
exec.c [PATCH] namespaces: utsname: switch to using uts namespaces 2006-10-02 07:57:21 -07:00
fcntl.c [PATCH] file: Add locking to f_getown 2006-10-02 07:57:15 -07:00
fifo.c
file_table.c [PATCH] file: modify struct fown_struct to use a struct pid 2006-10-02 07:57:14 -07:00
file.c [PATCH] expand_fdtable(): remove pointless unlock+lock 2006-09-29 09:18:25 -07:00
filesystems.c [PATCH] Ban register_filesystem(NULL); 2006-09-29 09:18:20 -07:00
fs-writeback.c [PATCH] BLOCK: Remove dependence on existence of blockdev_superblock [try #6] 2006-09-30 20:52:26 +02:00
generic_acl.c [PATCH] Generic infrastructure for acls 2006-09-29 09:18:24 -07:00
inode.c [PATCH] fs/inode.c tweaks 2006-10-02 07:57:14 -07:00
inotify_user.c
inotify.c
internal.h [PATCH] CONFIG_BLOCK internal.h cleanups 2006-09-30 20:52:32 +02:00
ioctl.c
ioprio.c [PATCH] Update axboe@suse.de email address 2006-09-30 20:52:34 +02:00
Kconfig Still more typo fixes 2006-10-03 22:36:44 +02:00
Kconfig.binfmt
libfs.c [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
locks.c [PATCH] file: modify struct fown_struct to use a struct pid 2006-10-02 07:57:14 -07:00
Makefile [PATCH] Create fs/utimes.c 2006-10-01 00:39:19 -07:00
mbcache.c
mpage.c [PATCH] BLOCK: Dissociate generic_writepages() from mpage stuff [try #6] 2006-09-30 20:52:26 +02:00
namei.c [PATCH] r/o bind mount prepwork: move open_namei()'s vfs_create() 2006-10-01 00:39:30 -07:00
namespace.c [PATCH] namespaces: incorporate fs namespace into nsproxy 2006-10-02 07:57:20 -07:00
nfsctl.c
no-block.c [PATCH] BLOCK: Make it possible to disable the block layer [try #6] 2006-09-30 20:52:31 +02:00
open.c [PATCH] r/o bind mounts: prepare for write access checks: collapse if() 2006-10-01 00:39:30 -07:00
pipe.c [PATCH] Some cleanup in the pipe code 2006-10-01 00:39:33 -07:00
pnode.c
pnode.h
posix_acl.c [PATCH] kmemdup: some users 2006-10-01 00:39:19 -07:00
quota_v1.c
quota_v2.c
quota.c [PATCH] BLOCK: Make it possible to disable the block layer [try #6] 2006-09-30 20:52:31 +02:00
read_write.c [PATCH] Add vector AIO support 2006-10-01 00:39:29 -07:00
read_write.h [PATCH] Remove readv/writev methods and use aio_read/aio_write instead 2006-10-01 00:39:28 -07:00
readdir.c [PATCH] VFS: Make filldir_t and struct kstat deal in 64-bit inode numbers 2006-10-03 08:03:40 -07:00
select.c [PATCH] enforce RLIMIT_NOFILE in poll() 2006-09-29 09:18:23 -07:00
seq_file.c
splice.c [PATCH] Update axboe@suse.de email address 2006-09-30 20:52:34 +02:00
stat.c [PATCH] VFS: Make filldir_t and struct kstat deal in 64-bit inode numbers 2006-10-03 08:03:40 -07:00
super.c [PATCH] BLOCK: Make it possible to disable the block layer [try #6] 2006-09-30 20:52:31 +02:00
sync.c [PATCH] BLOCK: Move functions out of buffer code [try #6] 2006-09-30 20:31:19 +02:00
utimes.c [PATCH] Create fs/utimes.c 2006-10-01 00:39:19 -07:00
xattr_acl.c
xattr.c