From: Al Viro <viro@ZenIV.linux.org.uk>
To: Tim Gardner <timg@tpi.com>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/1] 2.6.39-rc7+ fs: Fix spinlock recursion in get_active_super()
Date: Thu, 19 May 2011 00:06:14 +0100 [thread overview]
Message-ID: <20110518230614.GG19987@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20110518163500.5CA99F912D@sepang.rtg.net>
On Wed, May 18, 2011 at 10:35:00AM -0600, Tim Gardner wrote:
> >From c7d9161350188c8132210eea5c7f6edff94e6c9c Mon Sep 17 00:00:00 2001
> From: Tim Gardner <tim.gardner@canonical.com>
> Date: Wed, 18 May 2011 10:30:02 -0600
> Subject: [PATCH] fs: Fix spinlock recursion in get_active_super()
>
> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
> ---
> fs/super.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/fs/super.c b/fs/super.c
> index 8a06881..e203e2d 100644
> --- a/fs/super.c
> +++ b/fs/super.c
> @@ -503,8 +503,8 @@ struct super_block *get_active_super(struct block_device *bdev)
> if (!bdev)
> return NULL;
>
> -restart:
> spin_lock(&sb_lock);
> +restart:
> list_for_each_entry(sb, &super_blocks, s_list) {
> if (list_empty(&sb->s_instances))
> continue;
WTF? Have you even tried that? The *only* place that contains goto restart
is a few line below and it's
if (grab_super(sb)) /* drops sb_lock */
return sb;
else
goto restart;
See that comment in there? Now let's see if it's true:
static int grab_super(struct super_block *s) __releases(sb_lock)
{
if (atomic_inc_not_zero(&s->s_active)) {
spin_unlock(&sb_lock);
return 1;
}
/* it's going away */
s->s_count++;
spin_unlock(&sb_lock);
/* wait for it to die */
down_write(&s->s_umount);
up_write(&s->s_umount);
put_super(s);
return 0;
}
Note spin_unlock on both paths. Morever, note blocking operations on the
path that returns 0. If we had somehow managed to get through that without
dropping sb_locked we'd be FUBAR for obvious reasons.
IOW, if your testing had *ever* hit that goto, you'd get instant trouble.
On the exit from get_active_super() you'd hit spin_unlock(&sb_lock), with
rather nasty consequences the next time somebody would try to get it...
prev parent reply other threads:[~2011-05-18 23:06 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-18 16:35 [PATCH 1/1] 2.6.39-rc7+ fs: Fix spinlock recursion in get_active_super() Tim Gardner
2011-05-18 18:15 ` Christoph Hellwig
2011-05-18 18:51 ` Tim Gardner
2011-05-18 23:06 ` Al Viro [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110518230614.GG19987@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=timg@tpi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.