From 978d6d8c4574098050b22281b9ed06818c0b23ca Mon Sep 17 00:00:00 2001
From: Tyler Hicks
Date: Mon, 12 Dec 2011 10:02:30 -0600
Subject: [PATCH 1/5] vfs: Correctly set the dir i_mutex lockdep class

9a7aa12f3911853a introduced additional logic around setting the i_mutex lockdep class for directory inodes. The idea was that some filesystems may want their own special lockdep class for different directory inodes and calling unlock_new_inode() should not clobber one of those special classes. I believe that the added conditional, around the *negated* return value of lockdep_match_class(), caused directory inodes to be placed in the wrong lockdep class. inode_init_always() sets the i_mutex lockdep class with i_mutex_key for all inodes. If the filesystem did not change the class during inode initialization, then the conditional mentioned above was false and the directory inode was incorrectly left in the non-directory lockdep class. If the filesystem did set a special lockdep class, then the conditional mentioned above was true and that class was clobbered with i_mutex_dir_key. This patch removes the negation from the conditional so that the i_mutex lockdep class is properly set for directory inodes. Special classes are preserved and directory inodes with unmodified classes are set with i_mutex_dir_key.

Signed-off-by: Tyler Hicks
Reviewed-by: Jan Kara
Signed-off-by: Al Viro
---
 fs/inode.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/inode.c b/fs/inode.c
index d3ebdbe723d0d2..8affbc9c211b4d 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -938,8 +938,7 @@ void lockdep_annotate_inode_mutex_key(struct inode *inode)
 struct file_system_type *type = inode->i_sb->s_type;
 /* Set new key only if filesystem hasn't already changed it */
- if (!lockdep_match_class(&inode->i_mutex,
- &type->i_mutex_key)) {
+ if (lockdep_match_class(&inode->i_mutex, &type->i_mutex_key)) {
 /*
 * ensure nobody is actually holding i_mutex
 */
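Review bot: The corrected condition relies on a contract the code does not state — that inode_init_always() leaves every inode in type->i_mutex_key, so a match means no filesystem-specific class was installed — and the comment above it only restates the test, which is exactly how the negation slipped in before. Suggest widening the comment to `/* A match means the fs kept the generic key from inode_init_always(); only then switch i_mutex to the directory class. */` so the direction of the test is self-explanatory. The remainder of lockdep_annotate_inode_mutex_key(), including the code that installs i_mutex_dir_key, is outside the hunk.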
From f6940fe9092e796119af691c7f722c252f4fc524 Mon Sep 17 00:00:00 2001
From: Jan Kara
Date: Mon, 20 Feb 2012 17:54:00 +0100
Subject: [PATCH 2/5] udf: Fix deadlock in udf_release_file()

udf_release_file() can be called from munmap() path with mmap_sem held. Thus we cannot take i_mutex there because that ranks above mmap_sem. Luckily, i_mutex is not needed in udf_release_file() anymore since protection by i_data_sem is enough to protect from races with write and truncate.

Reported-by: Al Viro
Reviewed-by: Namjae Jeon
Signed-off-by: Jan Kara
Signed-off-by: Al Viro
---
 fs/udf/file.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/fs/udf/file.c b/fs/udf/file.c
index dca0c3881e82df..d567b8448dfca1 100644
--- a/fs/udf/file.c
+++ b/fs/udf/file.c
@@ -201,12 +201,10 @@ long udf_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 static int udf_release_file(struct inode *inode, struct file *filp)
 {
 if (filp->f_mode & FMODE_WRITE) {
- mutex_lock(&inode->i_mutex);
 down_write(&UDF_I(inode)->i_data_sem);
 udf_discard_prealloc(inode);
 udf_truncate_tail_extent(inode);
 up_write(&UDF_I(inode)->i_data_sem);
- mutex_unlock(&inode->i_mutex);
 }
 return 0;
 }

From 097b180ca09b581ef0dc24fbcfc1b227de3875df Mon Sep 17 00:00:00 2001
From: Miklos Szeredi
Date: Tue, 6 Mar 2012 13:56:33 +0100
Subject: [PATCH 3/5] vfs: fix double put after complete_walk()

complete_walk() already puts nd->path, no need to do it again at cleanup time. This would result in Oopses if triggered, apparently the codepath is not too well exercised.

Signed-off-by: Miklos Szeredi
CC: stable@vger.kernel.org
Signed-off-by: Al Viro
---
 fs/namei.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/namei.c b/fs/namei.c
index e2ba62820a0f35..f79aef16320b2a 100644
--- a/fs/namei.c
+++ b/fs/namei.c
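Review bot: The lock-ordering constraint that motivates dropping i_mutex in udf_release_file() exists only in the commit message; nothing in the function records that i_mutex must not be taken on this path or why i_data_sem alone is sufficient, so a later "add the missing inode lock" change would silently reintroduce the mmap_sem inversion. Suggest a comment above the `if (filp->f_mode & FMODE_WRITE)` test: `/* No i_mutex here: release may run from munmap() with mmap_sem held (which ranks below i_mutex); i_data_sem alone serializes against write and truncate. */`. The hunk shows the whole function, so the comment has no other natural home.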
@@ -2261,7 +2261,7 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
 /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
 error = complete_walk(nd);
 if (error)
- goto exit;
+ return ERR_PTR(error);
 error = -EISDIR;
 if (S_ISDIR(nd->inode->i_mode))
 goto exit;

From 7f6c7e62fcc123e6bd9206da99a2163fe3facc31 Mon Sep 17 00:00:00 2001
From: Miklos Szeredi
Date: Tue, 6 Mar 2012 13:56:34 +0100
Subject: [PATCH 4/5] vfs: fix return value from do_last()

complete_walk() returns either ECHILD or ESTALE. do_last() turns this into ECHILD unconditionally. If not in RCU mode, this error will reach userspace which is complete nonsense.

Signed-off-by: Miklos Szeredi
CC: stable@vger.kernel.org
Signed-off-by: Al Viro
---
 fs/namei.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/namei.c b/fs/namei.c
index f79aef16320b2a..46ea9cc16647c0 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2162,7 +2162,7 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
 /* sayonara */
 error = complete_walk(nd);
 if (error)
- return ERR_PTR(-ECHILD);
+ return ERR_PTR(error);
 error = -ENOTDIR;
 if (nd->flags & LOOKUP_DIRECTORY) {

From 310fa7a36722017088af123043ebd231cd6bc559 Mon Sep 17 00:00:00 2001
From: Al Viro
Date: Sat, 10 Mar 2012 17:07:28 -0500
Subject: [PATCH 5/5] restore smp_mb() in unlock_new_inode()

wait_on_inode() doesn't have ->i_lock

Signed-off-by: Al Viro
---
 fs/inode.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/inode.c b/fs/inode.c
index 8affbc9c211b4d..83ab215baab11b 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -965,6 +965,7 @@ void unlock_new_inode(struct inode *inode)
 spin_lock(&inode->i_lock);
 WARN_ON(!(inode->i_state & I_NEW));
 inode->i_state &= ~I_NEW;
+ smp_mb();
 wake_up_bit(&inode->i_state, __I_NEW);
 spin_unlock(&inode->i_lock);
 }
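Review bot: After this change do_last() has two adjacent error exits with different ownership semantics — a failed complete_walk() returns directly because nd->path has already been dropped, while the -EISDIR case two lines below still jumps to exit — and nothing on the new line says why, so the next maintainer who "unifies" them reintroduces the double put. Suggest annotating the return: `return ERR_PTR(error); /* complete_walk() already dropped nd->path; do not goto exit */`. The same reasoning applies to the other complete_walk() call in do_last() changed by the next patch (hunk at 2162). The exit label and the rest of do_last() are outside the hunk.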
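Review bot: Returning complete_walk()'s own error is correct, but the hard-coded -ECHILD it replaces shows the author assumed only the RCU-walk failure was possible here, and the new line gives no hint that -ESTALE is also a valid outcome that must reach the caller. A short comment would stop the assumption from coming back: `/* complete_walk() fails with -ECHILD (RCU walk) or -ESTALE; both must be propagated as-is */` above the `if (error)`. The enclosing do_last() body continues outside the hunk, and I cannot see from here whether any other caller of complete_walk() still discards its return value.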
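Review bot: The new smp_mb() carries no comment saying what it pairs with; the only explanation, "wait_on_inode() doesn't have ->i_lock", is in the commit message, and Documentation/memory-barriers.txt asks that every barrier document its counterpart so it is not removed as redundant with the surrounding spin_lock. Presumably the point is that a waiter reading i_state without ->i_lock must observe the I_NEW clear before the wakeup, which the lock alone does not guarantee to a lockless reader. Suggest `smp_mb(); /* wait_on_inode() reads I_NEW without ->i_lock: order the clear before the wakeup */`. The waiter-side code in wait_on_inode() that this pairs with is outside the hunk.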