From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Wengang Wang <wen.gang.wang@oracle.com>,
Daniel Sobe <daniel.sobe@nxp.com>,
Changwei Ge <gechangwei@live.cn>,
Joseph Qi <joseph.qi@linux.alibaba.com>,
Mark Fasheh <mark@fasheh.com>, Joel Becker <jlbec@evilplan.org>,
Junxiao Bi <junxiao.bi@oracle.com>, Gang He <ghe@suse.com>,
Jun Piao <piaojun@huawei.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 4.14 10/53] fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
Date: Mon, 17 Jun 2019 23:09:53 +0200 [thread overview]
Message-ID: <20190617210747.205673636@linuxfoundation.org> (raw)
In-Reply-To: <20190617210745.104187490@linuxfoundation.org>
From: Wengang Wang <wen.gang.wang@oracle.com>
commit be99ca2716972a712cde46092c54dee5e6192bf8 upstream.
ocfs2_dentry_attach_lock() can be executed in parallel threads against the
same dentry. Make that race safe. The race is like this:
thread A thread B
(A1) enter ocfs2_dentry_attach_lock,
seeing dentry->d_fsdata is NULL,
and no alias found by
ocfs2_find_local_alias, so kmalloc
a new ocfs2_dentry_lock structure
to local variable "dl", dl1
.....
(B1) enter ocfs2_dentry_attach_lock,
seeing dentry->d_fsdata is NULL,
and no alias found by
ocfs2_find_local_alias so kmalloc
a new ocfs2_dentry_lock structure
to local variable "dl", dl2.
......
(A2) set dentry->d_fsdata with dl1,
call ocfs2_dentry_lock() and increase
dl1->dl_lockres.l_ro_holders to 1 on
success.
......
(B2) set dentry->d_fsdata with dl2
call ocfs2_dentry_lock() and increase
dl2->dl_lockres.l_ro_holders to 1 on
success.
......
(A3) call ocfs2_dentry_unlock()
and decrease
dl2->dl_lockres.l_ro_holders to 0
on success.
....
(B3) call ocfs2_dentry_unlock(),
decreasing
dl2->dl_lockres.l_ro_holders, but
see it's zero now, panic
Link: http://lkml.kernel.org/r/20190529174636.22364-1-wen.gang.wang@oracle.com
Signed-off-by: Wengang Wang <wen.gang.wang@oracle.com>
Reported-by: Daniel Sobe <daniel.sobe@nxp.com>
Tested-by: Daniel Sobe <daniel.sobe@nxp.com>
Reviewed-by: Changwei Ge <gechangwei@live.cn>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ocfs2/dcache.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
--- a/fs/ocfs2/dcache.c
+++ b/fs/ocfs2/dcache.c
@@ -310,6 +310,18 @@ int ocfs2_dentry_attach_lock(struct dent
out_attach:
spin_lock(&dentry_attach_lock);
+ if (unlikely(dentry->d_fsdata && !alias)) {
+ /* d_fsdata is set by a racing thread which is doing
+ * the same thing as this thread is doing. Leave the racing
+ * thread going ahead and we return here.
+ */
+ spin_unlock(&dentry_attach_lock);
+ iput(dl->dl_inode);
+ ocfs2_lock_res_free(&dl->dl_lockres);
+ kfree(dl);
+ return 0;
+ }
+
dentry->d_fsdata = dl;
dl->dl_count++;
spin_unlock(&dentry_attach_lock);
next prev parent reply other threads:[~2019-06-17 21:27 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-17 21:09 [PATCH 4.14 00/53] 4.14.128-stable review Greg Kroah-Hartman
2019-06-17 21:09 ` [PATCH 4.14 01/53] drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3) Greg Kroah-Hartman
2019-06-17 21:09 ` [PATCH 4.14 02/53] nouveau: Fix build with CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT disabled Greg Kroah-Hartman
2019-06-17 21:09 ` [PATCH 4.14 03/53] HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth Greg Kroah-Hartman
2019-06-17 21:09 ` [PATCH 4.14 04/53] HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary Greg Kroah-Hartman
2019-06-17 21:09 ` [PATCH 4.14 05/53] ALSA: oxfw: allow PCM capture for Stanton SCS.1m Greg Kroah-Hartman
2019-06-17 21:09 ` [PATCH 4.14 06/53] ALSA: hda/realtek - Update headset mode for ALC256 Greg Kroah-Hartman
2019-06-17 21:09 ` [PATCH 4.14 07/53] ALSA: firewire-motu: fix destruction of data for isochronous resources Greg Kroah-Hartman
2019-06-17 21:09 ` [PATCH 4.14 08/53] libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk Greg Kroah-Hartman
2019-06-17 21:09 ` [PATCH 4.14 09/53] mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node Greg Kroah-Hartman
2019-06-17 21:09 ` Greg Kroah-Hartman [this message]
2019-06-17 21:09 ` [PATCH 4.14 11/53] mm/vmscan.c: fix trying to reclaim unevictable LRU page Greg Kroah-Hartman
2019-06-17 21:09 ` [PATCH 4.14 12/53] [PATCH] signal/ptrace: Dont leak unitialized kernel memory with PTRACE_PEEK_SIGINFO Greg Kroah-Hartman
2019-06-17 21:09 ` [PATCH 4.14 13/53] ptrace: restore smp_rmb() in __ptrace_may_access() Greg Kroah-Hartman
2019-06-17 21:09 ` [PATCH 4.14 14/53] media: v4l2-ioctl: clear fields in s_parm Greg Kroah-Hartman
2019-06-17 21:09 ` [PATCH 4.14 15/53] iommu/arm-smmu: Avoid constant zero in TLBI writes Greg Kroah-Hartman
2019-06-17 21:09 ` [PATCH 4.14 16/53] i2c: acorn: fix i2c warning Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 17/53] bcache: fix stack corruption by PRECEDING_KEY() Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 18/53] cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 19/53] ASoC: cs42xx8: Add regcache mask dirty Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 20/53] ASoC: fsl_asrc: Fix the issue about unsupported rate Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 21/53] drm/i915/sdvo: Implement proper HDMI audio support for SDVO Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 22/53] x86/uaccess, kcov: Disable stack protector Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 23/53] ALSA: seq: Protect in-kernel ioctl calls with mutex Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 24/53] ALSA: seq: Fix race of get-subscription call vs port-delete ioctls Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 25/53] Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex" Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 26/53] s390/kasan: fix strncpy_from_user kasan checks Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 27/53] Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 28/53] scsi: qedi: remove memset/memcpy to nfunc and use func instead Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 29/53] scsi: qedi: remove set but not used variables cdev and udev Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 30/53] scsi: lpfc: add check for loss of ndlp when sending RRQ Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 31/53] arm64/mm: Inhibit huge-vmap with ptdump Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 32/53] nvme: remove the ifdef around nvme_nvm_ioctl Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 33/53] platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 34/53] platform/x86: pmc_atom: Add several Beckhoff Automation boards " Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 35/53] scsi: bnx2fc: fix incorrect cast to u64 on shift operation Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 36/53] libnvdimm: Fix compilation warnings with W=1 Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 37/53] selftests/timers: Add missing fflush(stdout) calls Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 38/53] usbnet: ipheth: fix racing condition Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 39/53] KVM: x86/pmu: do not mask the value that is written to fixed PMUs Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 40/53] KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 41/53] drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 42/53] drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 43/53] usb: dwc2: Fix DMA cache alignment issues Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 44/53] usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression) Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 45/53] USB: Fix chipmunk-like voice when using Logitech C270 for recording audio Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 46/53] USB: usb-storage: Add new ID to ums-realtek Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 47/53] USB: serial: pl2303: add Allied Telesis VT-Kit3 Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 48/53] USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 49/53] USB: serial: option: add Telit 0x1260 and 0x1261 compositions Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 50/53] RAS/CEC: Fix binary search function Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 51/53] x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 52/53] x86/kasan: Fix boot with 5-level paging and KASAN Greg Kroah-Hartman
2019-06-17 21:10 ` [PATCH 4.14 53/53] rtc: pcf8523: dont return invalid date when battery is low Greg Kroah-Hartman
2019-06-18 1:30 ` [PATCH 4.14 00/53] 4.14.128-stable review kernelci.org bot
2019-06-18 6:35 ` Naresh Kamboju
2019-06-18 13:46 ` shuah
2019-06-18 16:37 ` Guenter Roeck
2019-06-19 8:49 ` Jon Hunter
2019-06-19 8:49 ` Jon Hunter
2019-06-19 10:46 ` Greg Kroah-Hartman
2019-06-19 13:30 ` Jon Hunter
2019-06-19 13:30 ` Jon Hunter
2019-06-19 13:40 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190617210747.205673636@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=daniel.sobe@nxp.com \
--cc=gechangwei@live.cn \
--cc=ghe@suse.com \
--cc=jlbec@evilplan.org \
--cc=joseph.qi@linux.alibaba.com \
--cc=junxiao.bi@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mark@fasheh.com \
--cc=piaojun@huawei.com \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=wen.gang.wang@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.