From: Al Viro <viro@zeniv.linux.org.uk>
To: Jan Kara <jack@suse.cz>
Cc: linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org,
Ted Tso <tytso@mit.edu>,
linux-xfs@vger.kernel.org
Subject: Re: Locking issue with directory renames
Date: Wed, 18 Jan 2023 16:30:06 +0000 [thread overview]
Message-ID: <Y8gejpDqxV6Uo/xY@ZenIV> (raw)
In-Reply-To: <20230118091036.qqscls22q6htxscf@quack3>
On Wed, Jan 18, 2023 at 10:10:36AM +0100, Jan Kara wrote:
>
> Yes, we can lock the source inode in ->rename() if we need it. The snag is
> that if 'target' exists, it is already locked so when locking 'source' we
> are possibly not following the VFS lock ordering of i_rwsem by inode
> address (I don't think it can cause any real dealock but still it looks
> suspicious). Also we'll have to lock with I_MUTEX_NONDIR2 lockdep class to
> make lockdep happy but that's just a minor annoyance. Finally, we'll have
> to check for RENAME_EXCHANGE because in that case, both source and target
> will be already locked. Thus if we do the additional locking in the
> filesystem, we will leak quite some details about rename locking into the
> filesystem which seems undesirable to me.
Rules for inode locks are simple:
* directories before non-directories
* ancestors before descendents
* for non-directories the ordering is by in-core inode address
So the instances that need that extra lock would do that when source is
a directory and non RENAME_EXCHANGE is given. Having the target already
locked is irrelevant - if it exists, it's already checked to be a directory
as well, and had it been a descendent of source, we would have already
found that and failed with -ELOOP.
If A and B are both directories, there's no ordering between them unless
one is an ancestor of another - such can be locked in any order.
However, one of the following must be true:
* C is locked and both A and B had been observed to be children of C
after the lock on C had been acquired, or
* ->s_vfs_rename_mutex is held for the filesystem containing both
A and B.
Note that ->s_vfs_rename_mutex is there to stabilize the tree topology and
make "is A an ancestor of B?" possible to check for more than "A is locked,
B is a child of A, so A will remain its ancestor until unlocked"...
next prev parent reply other threads:[~2023-01-18 16:32 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-17 12:37 Locking issue with directory renames Jan Kara
2023-01-17 16:57 ` Al Viro
2023-01-18 9:10 ` Jan Kara
2023-01-18 16:30 ` Al Viro [this message]
2023-01-18 18:41 ` Jan Kara
2023-01-17 21:44 ` Dave Chinner
2023-01-18 8:56 ` Jan Kara
2023-02-24 0:19 ` Kent Overstreet
2023-02-25 3:46 ` Darrick J. Wong
2023-02-28 1:58 ` Dave Chinner
2023-03-01 12:36 ` Jan Kara
2023-03-02 0:30 ` Dave Chinner
2023-03-02 9:21 ` Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y8gejpDqxV6Uo/xY@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=jack@suse.cz \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.