From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Ben England <bengland@redhat.com>,
Jeff Layton <jlayton@kernel.org>, "Yan, Zheng" <zyan@redhat.com>,
Ilya Dryomov <idryomov@gmail.com>
Subject: [PATCH 4.14 11/53] ceph: only use d_name directly when parent is locked
Date: Tue, 30 Apr 2019 13:38:18 +0200 [thread overview]
Message-ID: <20190430113552.377906541@linuxfoundation.org> (raw)
In-Reply-To: <20190430113549.400132183@linuxfoundation.org>
From: Jeff Layton <jlayton@kernel.org>
commit 1bcb344086f3ecf8d6705f6d708441baa823beb3 upstream.
Ben reported tripping the BUG_ON in create_request_message during some
performance testing. Analysis of the vmcore showed that the length of
the r_dentry->d_name string changed after we allocated the buffer, but
before we encoded it.
build_dentry_path returns pointers to d_name in the common case of
non-snapped dentries, but this optimization isn't safe unless the parent
directory is locked. When it isn't, have the code make a copy of the
d_name while holding the d_lock.
Cc: stable@vger.kernel.org
Reported-by: Ben England <bengland@redhat.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ceph/mds_client.c | 61 +++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 50 insertions(+), 11 deletions(-)
--- a/fs/ceph/mds_client.c
+++ b/fs/ceph/mds_client.c
@@ -1863,10 +1863,39 @@ retry:
return path;
}
+/* Duplicate the dentry->d_name.name safely */
+static int clone_dentry_name(struct dentry *dentry, const char **ppath,
+ int *ppathlen)
+{
+ u32 len;
+ char *name;
+
+retry:
+ len = READ_ONCE(dentry->d_name.len);
+ name = kmalloc(len + 1, GFP_NOFS);
+ if (!name)
+ return -ENOMEM;
+
+ spin_lock(&dentry->d_lock);
+ if (dentry->d_name.len != len) {
+ spin_unlock(&dentry->d_lock);
+ kfree(name);
+ goto retry;
+ }
+ memcpy(name, dentry->d_name.name, len);
+ spin_unlock(&dentry->d_lock);
+
+ name[len] = '\0';
+ *ppath = name;
+ *ppathlen = len;
+ return 0;
+}
+
static int build_dentry_path(struct dentry *dentry, struct inode *dir,
const char **ppath, int *ppathlen, u64 *pino,
- int *pfreepath)
+ bool *pfreepath, bool parent_locked)
{
+ int ret;
char *path;
rcu_read_lock();
@@ -1875,8 +1904,15 @@ static int build_dentry_path(struct dent
if (dir && ceph_snap(dir) == CEPH_NOSNAP) {
*pino = ceph_ino(dir);
rcu_read_unlock();
- *ppath = dentry->d_name.name;
- *ppathlen = dentry->d_name.len;
+ if (parent_locked) {
+ *ppath = dentry->d_name.name;
+ *ppathlen = dentry->d_name.len;
+ } else {
+ ret = clone_dentry_name(dentry, ppath, ppathlen);
+ if (ret)
+ return ret;
+ *pfreepath = true;
+ }
return 0;
}
rcu_read_unlock();
@@ -1884,13 +1920,13 @@ static int build_dentry_path(struct dent
if (IS_ERR(path))
return PTR_ERR(path);
*ppath = path;
- *pfreepath = 1;
+ *pfreepath = true;
return 0;
}
static int build_inode_path(struct inode *inode,
const char **ppath, int *ppathlen, u64 *pino,
- int *pfreepath)
+ bool *pfreepath)
{
struct dentry *dentry;
char *path;
@@ -1906,7 +1942,7 @@ static int build_inode_path(struct inode
if (IS_ERR(path))
return PTR_ERR(path);
*ppath = path;
- *pfreepath = 1;
+ *pfreepath = true;
return 0;
}
@@ -1917,7 +1953,7 @@ static int build_inode_path(struct inode
static int set_request_path_attr(struct inode *rinode, struct dentry *rdentry,
struct inode *rdiri, const char *rpath,
u64 rino, const char **ppath, int *pathlen,
- u64 *ino, int *freepath)
+ u64 *ino, bool *freepath, bool parent_locked)
{
int r = 0;
@@ -1927,7 +1963,7 @@ static int set_request_path_attr(struct
ceph_snap(rinode));
} else if (rdentry) {
r = build_dentry_path(rdentry, rdiri, ppath, pathlen, ino,
- freepath);
+ freepath, parent_locked);
dout(" dentry %p %llx/%.*s\n", rdentry, *ino, *pathlen,
*ppath);
} else if (rpath || rino) {
@@ -1953,7 +1989,7 @@ static struct ceph_msg *create_request_m
const char *path2 = NULL;
u64 ino1 = 0, ino2 = 0;
int pathlen1 = 0, pathlen2 = 0;
- int freepath1 = 0, freepath2 = 0;
+ bool freepath1 = false, freepath2 = false;
int len;
u16 releases;
void *p, *end;
@@ -1961,16 +1997,19 @@ static struct ceph_msg *create_request_m
ret = set_request_path_attr(req->r_inode, req->r_dentry,
req->r_parent, req->r_path1, req->r_ino1.ino,
- &path1, &pathlen1, &ino1, &freepath1);
+ &path1, &pathlen1, &ino1, &freepath1,
+ test_bit(CEPH_MDS_R_PARENT_LOCKED,
+ &req->r_req_flags));
if (ret < 0) {
msg = ERR_PTR(ret);
goto out;
}
+ /* If r_old_dentry is set, then assume that its parent is locked */
ret = set_request_path_attr(NULL, req->r_old_dentry,
req->r_old_dentry_dir,
req->r_path2, req->r_ino2.ino,
- &path2, &pathlen2, &ino2, &freepath2);
+ &path2, &pathlen2, &ino2, &freepath2, true);
if (ret < 0) {
msg = ERR_PTR(ret);
goto out_free1;
next prev parent reply other threads:[~2019-04-30 11:41 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-30 11:38 [PATCH 4.14 00/53] 4.14.115-stable review Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 01/53] kbuild: simplify ld-option implementation Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 02/53] cifs: do not attempt cifs operation on smb2+ rename error Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 03/53] tracing: Fix a memory leak by early error exit in trace_pid_write() Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 04/53] tracing: Fix buffer_ref pipe ops Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 05/53] zram: pass down the bvec we need to read into in the work struct Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 06/53] lib/Kconfig.debug: fix build error without CONFIG_BLOCK Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 07/53] MIPS: scall64-o32: Fix indirect syscall number load Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 08/53] trace: Fix preempt_enable_no_resched() abuse Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 09/53] IB/rdmavt: Fix frwr memory registration Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 10/53] sched/numa: Fix a possible divide-by-zero Greg Kroah-Hartman
2019-04-30 11:38 ` Greg Kroah-Hartman [this message]
2019-04-30 11:38 ` [PATCH 4.14 12/53] ceph: ensure d_name stability in ceph_dentry_hash() Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 13/53] ceph: fix ci->i_head_snapc leak Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 14/53] nfsd: Dont release the callback slot unless it was actually held Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 15/53] sunrpc: dont mark uninitialised items as VALID Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 16/53] Input: synaptics-rmi4 - write config register values to the right offset Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 17/53] vfio/type1: Limit DMA mappings per container Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 18/53] dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 19/53] ARM: 8857/1: efi: enable CP15 DMB instructions before cleaning the cache Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 20/53] drm/vc4: Fix memory leak during gpu reset Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 21/53] Revert "drm/i915/fbdev: Actually configure untiled displays" Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 22/53] drm/vc4: Fix compilation error reported by kbuild test bot Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 23/53] USB: Add new USB LPM helpers Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 24/53] USB: Consolidate LPM checks to avoid enabling LPM twice Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 25/53] ext4: fix some error pointer dereferences Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 26/53] vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 27/53] tipc: handle the err returned from cmd header function Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 28/53] slip: make slhc_free() silently accept an error pointer Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 29/53] intel_th: gth: Fix an off-by-one in output unassigning Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 30/53] fs/proc/proc_sysctl.c: Fix a NULL pointer dereference Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 31/53] ipvs: fix warning on unused variable Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 32/53] binder: fix handling of misaligned binder object Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 33/53] sched/deadline: Correctly handle active 0-lag timers Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 34/53] NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 35/53] netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 36/53] fm10k: Fix a potential NULL pointer dereference Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 37/53] tipc: check bearer name with right length in tipc_nl_compat_bearer_enable Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 38/53] tipc: check link name with right length in tipc_nl_compat_link_set Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 39/53] dm integrity: change memcmp to strncmp in dm_integrity_ctr Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 40/53] x86, retpolines: Raise limit for generating indirect calls from switch-case Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 41/53] x86/retpolines: Disable switch jump tables when retpolines are enabled Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 42/53] mm: Fix warning in insert_pfn() Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 43/53] Revert "block/loop: Use global lock for ioctl() operation." Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 44/53] ipv4: add sanity checks in ipv4_link_failure() Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 45/53] mlxsw: spectrum: Fix autoneg status in ethtool Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 46/53] net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 47/53] net: rds: exchange of 8K and 1M pool Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 48/53] net: stmmac: move stmmac_check_ether_addr() to driver probe Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 49/53] stmmac: pci: Adjust IOT2000 matching Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 50/53] team: fix possible recursive locking when add slaves Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 51/53] net/rose: Convert timers to use timer_setup() Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.14 52/53] net/rose: fix unbound loop in rose_loopback_timer() Greg Kroah-Hartman
2019-04-30 11:39 ` [PATCH 4.14 53/53] ipv4: set the tcp_min_rtt_wlen range from 0 to one day Greg Kroah-Hartman
2019-04-30 19:06 ` [PATCH 4.14 00/53] 4.14.115-stable review kernelci.org bot
2019-04-30 22:31 ` shuah
2019-05-01 6:32 ` Naresh Kamboju
2019-05-01 8:25 ` Jon Hunter
2019-05-01 8:25 ` Jon Hunter
2019-05-01 16:44 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190430113552.377906541@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bengland@redhat.com \
--cc=idryomov@gmail.com \
--cc=jlayton@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=zyan@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.