From b928095b0a7cff7fb9fcf4c706348ceb8ab2c295 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 24 Sep 2014 17:56:17 +0200 Subject: shmem: fix nlink for rename overwrite directory If overwriting an empty directory with rename, then need to drop the extra nlink. Test prog: #include #include #include #include int main(void) { const char *test_dir1 = "test-dir1"; const char *test_dir2 = "test-dir2"; int res; int fd; struct stat statbuf; res = mkdir(test_dir1, 0777); if (res == -1) err(1, "mkdir(\"%s\")", test_dir1); res = mkdir(test_dir2, 0777); if (res == -1) err(1, "mkdir(\"%s\")", test_dir2); fd = open(test_dir2, O_RDONLY); if (fd == -1) err(1, "open(\"%s\")", test_dir2); res = rename(test_dir1, test_dir2); if (res == -1) err(1, "rename(\"%s\", \"%s\")", test_dir1, test_dir2); res = fstat(fd, &statbuf); if (res == -1) err(1, "fstat(%i)", fd); if (statbuf.st_nlink != 0) { fprintf(stderr, "nlink is %lu, should be 0\n", statbuf.st_nlink); return 1; } return 0; } Signed-off-by: Miklos Szeredi Cc: stable@vger.kernel.org Signed-off-by: Al Viro --- mm/shmem.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mm/shmem.c b/mm/shmem.c index 0e5fb225007c..469f90d56051 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2367,8 +2367,10 @@ static int shmem_rename2(struct inode *old_dir, struct dentry *old_dentry, struc if (new_dentry->d_inode) { (void) shmem_unlink(new_dir, new_dentry); - if (they_are_dirs) + if (they_are_dirs) { + drop_nlink(new_dentry->d_inode); drop_nlink(old_dir); + } } else if (they_are_dirs) { drop_nlink(old_dir); inc_nlink(new_dir); -- cgit v1.2.3 From 2c80929c4c4d54e568b07ab85877d5fd38f4b02f Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 24 Sep 2014 17:09:11 +0200 Subject: fuse: honour max_read and max_write in direct_io mode The third argument of fuse_get_user_pages() "nbytesp" refers to the number of bytes a caller asked to pack into fuse request. This value may be lesser than capacity of fuse request or iov_iter. So fuse_get_user_pages() must ensure that *nbytesp won't grow. Now, when helper iov_iter_get_pages() performs all hard work of extracting pages from iov_iter, it can be done by passing properly calculated "maxsize" to the helper. The other caller of iov_iter_get_pages() (dio_refill_pages()) doesn't need this capability, so pass LONG_MAX as the maxsize argument here. Fixes: c9c37e2e6378 ("fuse: switch to iov_iter_get_pages()") Reported-by: Werner Baumann Tested-by: Maxim Patlasov Signed-off-by: Miklos Szeredi Signed-off-by: Al Viro --- fs/direct-io.c | 2 +- fs/fuse/file.c | 1 + include/linux/uio.h | 2 +- mm/iov_iter.c | 14 +++++++++----- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/fs/direct-io.c b/fs/direct-io.c index c3116404ab49..e181b6b2e297 100644 --- a/fs/direct-io.c +++ b/fs/direct-io.c @@ -158,7 +158,7 @@ static inline int dio_refill_pages(struct dio *dio, struct dio_submit *sdio) { ssize_t ret; - ret = iov_iter_get_pages(sdio->iter, dio->pages, DIO_PAGES, + ret = iov_iter_get_pages(sdio->iter, dio->pages, LONG_MAX, DIO_PAGES, &sdio->from); if (ret < 0 && sdio->blocks_available && (dio->rw & WRITE)) { diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 912061ac4baf..caa8d95b24e8 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -1305,6 +1305,7 @@ static int fuse_get_user_pages(struct fuse_req *req, struct iov_iter *ii, size_t start; ssize_t ret = iov_iter_get_pages(ii, &req->pages[req->num_pages], + *nbytesp - nbytes, req->max_pages - req->num_pages, &start); if (ret < 0) diff --git a/include/linux/uio.h b/include/linux/uio.h index 48d64e6ab292..290fbf0b6b8a 100644 --- a/include/linux/uio.h +++ b/include/linux/uio.h @@ -84,7 +84,7 @@ unsigned long iov_iter_alignment(const struct iov_iter *i); void iov_iter_init(struct iov_iter *i, int direction, const struct iovec *iov, unsigned long nr_segs, size_t count); ssize_t iov_iter_get_pages(struct iov_iter *i, struct page **pages, - unsigned maxpages, size_t *start); + size_t maxsize, unsigned maxpages, size_t *start); ssize_t iov_iter_get_pages_alloc(struct iov_iter *i, struct page ***pages, size_t maxsize, size_t *start); int iov_iter_npages(const struct iov_iter *i, int maxpages); diff --git a/mm/iov_iter.c b/mm/iov_iter.c index ab88dc0ea1d3..9a09f2034fcc 100644 --- a/mm/iov_iter.c +++ b/mm/iov_iter.c @@ -310,7 +310,7 @@ void iov_iter_init(struct iov_iter *i, int direction, EXPORT_SYMBOL(iov_iter_init); static ssize_t get_pages_iovec(struct iov_iter *i, - struct page **pages, unsigned maxpages, + struct page **pages, size_t maxsize, unsigned maxpages, size_t *start) { size_t offset = i->iov_offset; @@ -323,6 +323,8 @@ static ssize_t get_pages_iovec(struct iov_iter *i, len = iov->iov_len - offset; if (len > i->count) len = i->count; + if (len > maxsize) + len = maxsize; addr = (unsigned long)iov->iov_base + offset; len += *start = addr & (PAGE_SIZE - 1); if (len > maxpages * PAGE_SIZE) @@ -588,13 +590,15 @@ static unsigned long alignment_bvec(const struct iov_iter *i) } static ssize_t get_pages_bvec(struct iov_iter *i, - struct page **pages, unsigned maxpages, + struct page **pages, size_t maxsize, unsigned maxpages, size_t *start) { const struct bio_vec *bvec = i->bvec; size_t len = bvec->bv_len - i->iov_offset; if (len > i->count) len = i->count; + if (len > maxsize) + len = maxsize; /* can't be more than PAGE_SIZE */ *start = bvec->bv_offset + i->iov_offset; @@ -711,13 +715,13 @@ unsigned long iov_iter_alignment(const struct iov_iter *i) EXPORT_SYMBOL(iov_iter_alignment); ssize_t iov_iter_get_pages(struct iov_iter *i, - struct page **pages, unsigned maxpages, + struct page **pages, size_t maxsize, unsigned maxpages, size_t *start) { if (i->type & ITER_BVEC) - return get_pages_bvec(i, pages, maxpages, start); + return get_pages_bvec(i, pages, maxsize, maxpages, start); else - return get_pages_iovec(i, pages, maxpages, start); + return get_pages_iovec(i, pages, maxsize, maxpages, start); } EXPORT_SYMBOL(iov_iter_get_pages); -- cgit v1.2.3 From e4502c63f56aeca887ced37f24e0def1ef11cec8 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 26 Sep 2014 21:17:52 -0400 Subject: ufs: deal with nfsd/iget races Signed-off-by: Al Viro --- fs/ufs/ialloc.c | 6 +++++- fs/ufs/namei.c | 4 ++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/fs/ufs/ialloc.c b/fs/ufs/ialloc.c index a9cc75ffa925..7caa01652888 100644 --- a/fs/ufs/ialloc.c +++ b/fs/ufs/ialloc.c @@ -298,7 +298,10 @@ cg_found: ufsi->i_oeftflag = 0; ufsi->i_dir_start_lookup = 0; memset(&ufsi->i_u1, 0, sizeof(ufsi->i_u1)); - insert_inode_hash(inode); + if (insert_inode_locked(inode) < 0) { + err = -EIO; + goto failed; + } mark_inode_dirty(inode); if (uspi->fs_magic == UFS2_MAGIC) { @@ -337,6 +340,7 @@ cg_found: fail_remove_inode: unlock_ufs(sb); clear_nlink(inode); + unlock_new_inode(inode); iput(inode); UFSD("EXIT (FAILED): err %d\n", err); return ERR_PTR(err); diff --git a/fs/ufs/namei.c b/fs/ufs/namei.c index 2df62a73f20c..fd65deb4b5f0 100644 --- a/fs/ufs/namei.c +++ b/fs/ufs/namei.c @@ -38,10 +38,12 @@ static inline int ufs_add_nondir(struct dentry *dentry, struct inode *inode) { int err = ufs_add_link(dentry, inode); if (!err) { + unlock_new_inode(inode); d_instantiate(dentry, inode); return 0; } inode_dec_link_count(inode); + unlock_new_inode(inode); iput(inode); return err; } @@ -155,6 +157,7 @@ out_notlocked: out_fail: inode_dec_link_count(inode); + unlock_new_inode(inode); iput(inode); goto out; } @@ -210,6 +213,7 @@ out: out_fail: inode_dec_link_count(inode); inode_dec_link_count(inode); + unlock_new_inode(inode); iput (inode); inode_dec_link_count(dir); unlock_ufs(dir->i_sb); -- cgit v1.2.3 From 5cc3821b576964513f5532e0ac1efeb52f62ec6c Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 26 Sep 2014 21:20:39 -0400 Subject: pull rehashing and unlocking the target dentry into __d_materialise_dentry() Signed-off-by: Al Viro --- fs/dcache.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index 7a5b51440afa..36d84ec31d8a 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2636,7 +2636,6 @@ out_err: /* * Prepare an anonymous dentry for life in the superblock's dentry tree as a * named dentry in place of the dentry to be replaced. - * returns with anon->d_lock held! */ static void __d_materialise_dentry(struct dentry *dentry, struct dentry *anon) { @@ -2655,21 +2654,21 @@ static void __d_materialise_dentry(struct dentry *dentry, struct dentry *anon) dentry->d_parent = dentry; list_del_init(&dentry->d_u.d_child); anon->d_parent = dparent; + list_move(&anon->d_u.d_child, &dparent->d_subdirs); if (likely(!d_unhashed(anon))) { hlist_bl_lock(&anon->d_sb->s_anon); __hlist_bl_del(&anon->d_hash); anon->d_hash.pprev = NULL; hlist_bl_unlock(&anon->d_sb->s_anon); } - list_move(&anon->d_u.d_child, &dparent->d_subdirs); + __d_rehash(anon, d_hash(anon->d_parent, anon->d_name.hash)); write_seqcount_end(&dentry->d_seq); write_seqcount_end(&anon->d_seq); dentry_unlock_parents_for_move(anon, dentry); spin_unlock(&dentry->d_lock); - - /* anon->d_lock still locked, returns locked */ + spin_unlock(&anon->d_lock); } /** @@ -2719,8 +2718,6 @@ struct dentry *d_splice_alias(struct inode *inode, struct dentry *dentry) write_seqlock(&rename_lock); __d_materialise_dentry(dentry, new); write_sequnlock(&rename_lock); - _d_rehash(new); - spin_unlock(&new->d_lock); spin_unlock(&inode->i_lock); security_d_instantiate(new, inode); iput(inode); @@ -2811,9 +2808,9 @@ struct dentry *d_materialise_unique(struct dentry *dentry, struct inode *inode) BUG_ON(!d_unhashed(actual)); spin_lock(&actual->d_lock); -found: _d_rehash(actual); spin_unlock(&actual->d_lock); +found: spin_unlock(&inode->i_lock); out_nolock: if (actual == dentry) { -- cgit v1.2.3 From 8527dd7187a05f2548010accdfad9dad892acf47 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 26 Sep 2014 21:26:50 -0400 Subject: don't open-code d_rehash() in d_materialise_unique() ... and get rid of duplicate BUG_ON() there Signed-off-by: Al Viro --- fs/dcache.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index 36d84ec31d8a..22107630fc03 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2804,12 +2804,8 @@ struct dentry *d_materialise_unique(struct dentry *dentry, struct inode *inode) actual = __d_instantiate_unique(dentry, inode); if (!actual) actual = dentry; - else - BUG_ON(!d_unhashed(actual)); - spin_lock(&actual->d_lock); - _d_rehash(actual); - spin_unlock(&actual->d_lock); + d_rehash(actual); found: spin_unlock(&inode->i_lock); out_nolock: -- cgit v1.2.3 From 9d8cd306a8f4cf104d5ef2e2f8f8f4f4854770a2 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 26 Sep 2014 21:34:01 -0400 Subject: __d_move(): fold manipulations with ->d_child/->d_subdirs list_del() + list_add() is a slightly pessimised list_move() list_del() + INIT_LIST_HEAD() is a slightly pessimised list_del_init() Interleaving those makes the resulting code even worse. And harder to follow... Signed-off-by: Al Viro --- fs/dcache.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index 22107630fc03..86afdf1376ac 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2506,8 +2506,6 @@ static void __d_move(struct dentry *dentry, struct dentry *target, d_hash(dentry->d_parent, dentry->d_name.hash)); } - list_del(&dentry->d_u.d_child); - list_del(&target->d_u.d_child); /* Switch the names.. */ switch_names(dentry, target); @@ -2517,15 +2515,15 @@ static void __d_move(struct dentry *dentry, struct dentry *target, if (IS_ROOT(dentry)) { dentry->d_parent = target->d_parent; target->d_parent = target; - INIT_LIST_HEAD(&target->d_u.d_child); + list_del_init(&target->d_u.d_child); } else { swap(dentry->d_parent, target->d_parent); /* And add them back to the (new) parent lists */ - list_add(&target->d_u.d_child, &target->d_parent->d_subdirs); + list_move(&target->d_u.d_child, &target->d_parent->d_subdirs); } - list_add(&dentry->d_u.d_child, &dentry->d_parent->d_subdirs); + list_move(&dentry->d_u.d_child, &dentry->d_parent->d_subdirs); write_seqcount_end(&target->d_seq); write_seqcount_end(&dentry->d_seq); -- cgit v1.2.3 From 4453641fe85f2ffda653e2e61b6a554dba1f0581 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 26 Sep 2014 22:54:02 -0400 Subject: __d_materialise_dentry(): flip the order of arguments ... thus making it much closer to (now unreachable, BTW) IS_ROOT(dentry) case in __d_move(). A bit more and it'll fold in. Signed-off-by: Al Viro --- fs/dcache.c | 44 ++++++++++++++++++++------------------------ 1 file changed, 20 insertions(+), 24 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index 86afdf1376ac..0551fcc7671c 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2635,38 +2635,34 @@ out_err: * Prepare an anonymous dentry for life in the superblock's dentry tree as a * named dentry in place of the dentry to be replaced. */ -static void __d_materialise_dentry(struct dentry *dentry, struct dentry *anon) +static void __d_materialise_dentry(struct dentry *dentry, struct dentry *target) { - struct dentry *dparent; - - dentry_lock_for_move(anon, dentry); + dentry_lock_for_move(dentry, target); write_seqcount_begin(&dentry->d_seq); - write_seqcount_begin_nested(&anon->d_seq, DENTRY_D_LOCK_NESTED); - - dparent = dentry->d_parent; + write_seqcount_begin_nested(&target->d_seq, DENTRY_D_LOCK_NESTED); - switch_names(dentry, anon); - swap(dentry->d_name.hash, anon->d_name.hash); + switch_names(dentry, target); + swap(dentry->d_name.hash, target->d_name.hash); - dentry->d_parent = dentry; - list_del_init(&dentry->d_u.d_child); - anon->d_parent = dparent; - list_move(&anon->d_u.d_child, &dparent->d_subdirs); - if (likely(!d_unhashed(anon))) { - hlist_bl_lock(&anon->d_sb->s_anon); - __hlist_bl_del(&anon->d_hash); - anon->d_hash.pprev = NULL; - hlist_bl_unlock(&anon->d_sb->s_anon); + dentry->d_parent = target->d_parent; + target->d_parent = target; + list_del_init(&target->d_u.d_child); + list_move(&dentry->d_u.d_child, &dentry->d_parent->d_subdirs); + if (likely(!d_unhashed(dentry))) { + hlist_bl_lock(&dentry->d_sb->s_anon); + __hlist_bl_del(&dentry->d_hash); + dentry->d_hash.pprev = NULL; + hlist_bl_unlock(&dentry->d_sb->s_anon); } - __d_rehash(anon, d_hash(anon->d_parent, anon->d_name.hash)); + __d_rehash(dentry, d_hash(dentry->d_parent, dentry->d_name.hash)); + write_seqcount_end(&target->d_seq); write_seqcount_end(&dentry->d_seq); - write_seqcount_end(&anon->d_seq); - dentry_unlock_parents_for_move(anon, dentry); + dentry_unlock_parents_for_move(dentry, target); + spin_unlock(&target->d_lock); spin_unlock(&dentry->d_lock); - spin_unlock(&anon->d_lock); } /** @@ -2714,7 +2710,7 @@ struct dentry *d_splice_alias(struct inode *inode, struct dentry *dentry) return ERR_PTR(-EIO); } write_seqlock(&rename_lock); - __d_materialise_dentry(dentry, new); + __d_materialise_dentry(new, dentry); write_sequnlock(&rename_lock); spin_unlock(&inode->i_lock); security_d_instantiate(new, inode); @@ -2775,7 +2771,7 @@ struct dentry *d_materialise_unique(struct dentry *dentry, struct inode *inode) } else if (IS_ROOT(alias)) { /* Is this an anonymous mountpoint that we * could splice into our tree? */ - __d_materialise_dentry(dentry, alias); + __d_materialise_dentry(alias, dentry); write_sequnlock(&rename_lock); goto found; } else { -- cgit v1.2.3 From 63cf427a570dd8eb66d8cfc4c2ed9367811d6d3e Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 26 Sep 2014 23:06:14 -0400 Subject: kill __d_materialise_dentry() it folds into __d_move() now Signed-off-by: Al Viro --- fs/dcache.c | 54 ++++++++++-------------------------------------------- 1 file changed, 10 insertions(+), 44 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index 0551fcc7671c..6e543173a5d8 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2511,28 +2511,28 @@ static void __d_move(struct dentry *dentry, struct dentry *target, switch_names(dentry, target); swap(dentry->d_name.hash, target->d_name.hash); - /* ... and switch the parents */ + /* ... and switch them in the tree */ if (IS_ROOT(dentry)) { + /* splicing a tree */ dentry->d_parent = target->d_parent; target->d_parent = target; list_del_init(&target->d_u.d_child); + list_move(&dentry->d_u.d_child, &dentry->d_parent->d_subdirs); } else { + /* swapping two dentries */ swap(dentry->d_parent, target->d_parent); - - /* And add them back to the (new) parent lists */ list_move(&target->d_u.d_child, &target->d_parent->d_subdirs); + list_move(&dentry->d_u.d_child, &dentry->d_parent->d_subdirs); + if (exchange) + fsnotify_d_move(target); + fsnotify_d_move(dentry); } - list_move(&dentry->d_u.d_child, &dentry->d_parent->d_subdirs); - write_seqcount_end(&target->d_seq); write_seqcount_end(&dentry->d_seq); dentry_unlock_parents_for_move(dentry, target); - if (exchange) - fsnotify_d_move(target); spin_unlock(&target->d_lock); - fsnotify_d_move(dentry); spin_unlock(&dentry->d_lock); } @@ -2631,40 +2631,6 @@ out_err: return ret; } -/* - * Prepare an anonymous dentry for life in the superblock's dentry tree as a - * named dentry in place of the dentry to be replaced. - */ -static void __d_materialise_dentry(struct dentry *dentry, struct dentry *target) -{ - dentry_lock_for_move(dentry, target); - - write_seqcount_begin(&dentry->d_seq); - write_seqcount_begin_nested(&target->d_seq, DENTRY_D_LOCK_NESTED); - - switch_names(dentry, target); - swap(dentry->d_name.hash, target->d_name.hash); - - dentry->d_parent = target->d_parent; - target->d_parent = target; - list_del_init(&target->d_u.d_child); - list_move(&dentry->d_u.d_child, &dentry->d_parent->d_subdirs); - if (likely(!d_unhashed(dentry))) { - hlist_bl_lock(&dentry->d_sb->s_anon); - __hlist_bl_del(&dentry->d_hash); - dentry->d_hash.pprev = NULL; - hlist_bl_unlock(&dentry->d_sb->s_anon); - } - __d_rehash(dentry, d_hash(dentry->d_parent, dentry->d_name.hash)); - - write_seqcount_end(&target->d_seq); - write_seqcount_end(&dentry->d_seq); - - dentry_unlock_parents_for_move(dentry, target); - spin_unlock(&target->d_lock); - spin_unlock(&dentry->d_lock); -} - /** * d_splice_alias - splice a disconnected dentry into the tree if one exists * @inode: the inode which may have a disconnected dentry @@ -2710,7 +2676,7 @@ struct dentry *d_splice_alias(struct inode *inode, struct dentry *dentry) return ERR_PTR(-EIO); } write_seqlock(&rename_lock); - __d_materialise_dentry(new, dentry); + __d_move(new, dentry, false); write_sequnlock(&rename_lock); spin_unlock(&inode->i_lock); security_d_instantiate(new, inode); @@ -2771,7 +2737,7 @@ struct dentry *d_materialise_unique(struct dentry *dentry, struct inode *inode) } else if (IS_ROOT(alias)) { /* Is this an anonymous mountpoint that we * could splice into our tree? */ - __d_materialise_dentry(alias, dentry); + __d_move(alias, dentry, false); write_sequnlock(&rename_lock); goto found; } else { -- cgit v1.2.3 From 986c01942afb8eb6cc1708e721292db23b715d4e Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 26 Sep 2014 23:11:15 -0400 Subject: fold unlocking the children into dentry_unlock_parents_for_move() ... renaming it into dentry_unlock_for_move() and making it more symmetric with dentry_lock_for_move(). Signed-off-by: Al Viro --- fs/dcache.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index 6e543173a5d8..92f7d76db498 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2442,13 +2442,14 @@ static void dentry_lock_for_move(struct dentry *dentry, struct dentry *target) } } -static void dentry_unlock_parents_for_move(struct dentry *dentry, - struct dentry *target) +static void dentry_unlock_for_move(struct dentry *dentry, struct dentry *target) { if (target->d_parent != dentry->d_parent) spin_unlock(&dentry->d_parent->d_lock); if (target->d_parent != target) spin_unlock(&target->d_parent->d_lock); + spin_unlock(&target->d_lock); + spin_unlock(&dentry->d_lock); } /* @@ -2531,9 +2532,7 @@ static void __d_move(struct dentry *dentry, struct dentry *target, write_seqcount_end(&target->d_seq); write_seqcount_end(&dentry->d_seq); - dentry_unlock_parents_for_move(dentry, target); - spin_unlock(&target->d_lock); - spin_unlock(&dentry->d_lock); + dentry_unlock_for_move(dentry, target); } /* -- cgit v1.2.3 From a28ddb87cdddb0db57466ba7f59f831002f4340c Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Wed, 24 Sep 2014 12:27:39 -0700 Subject: fold swapping ->d_name.hash into switch_names() and do it along with ->d_name.len there Signed-off-by: Linus Torvalds Signed-off-by: Al Viro --- fs/dcache.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index 92f7d76db498..7599d35b4ae5 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2412,7 +2412,7 @@ static void switch_names(struct dentry *dentry, struct dentry *target) } } } - swap(dentry->d_name.len, target->d_name.len); + swap(dentry->d_name.hash_len, target->d_name.hash_len); } static void dentry_lock_for_move(struct dentry *dentry, struct dentry *target) @@ -2510,7 +2510,6 @@ static void __d_move(struct dentry *dentry, struct dentry *target, /* Switch the names.. */ switch_names(dentry, target); - swap(dentry->d_name.hash, target->d_name.hash); /* ... and switch them in the tree */ if (IS_ROOT(dentry)) { -- cgit v1.2.3 From d2fa4a8476b911782f7e5167db18770222ac40c3 Mon Sep 17 00:00:00 2001 From: Mikhail Efremov Date: Wed, 24 Sep 2014 22:14:33 +0400 Subject: vfs: Don't exchange "short" filenames unconditionally. Only exchange source and destination filenames if flags contain RENAME_EXCHANGE. In case if executable file was running and replaced by other file /proc/PID/exe should still show correct file name, not the old name of the file by which it was replaced. The scenario when this bug manifests itself was like this: * ALT Linux uses rpm and start-stop-daemon; * during a package upgrade rpm creates a temporary file for an executable to rename it upon successful unpacking; * start-stop-daemon is run subsequently and it obtains the (nonexistant) temporary filename via /proc/PID/exe thus failing to identify the running process. Note that "long" filenames (> DNAiME_INLINE_LEN) are still exchanged without RENAME_EXCHANGE and this behaviour exists long enough (should be fixed too apparently). So this patch is just an interim workaround that restores behavior for "short" names as it was before changes introduced by commit da1ce0670c14 ("vfs: add cross-rename"). See https://lkml.org/lkml/2014/9/7/6 for details. AV: the comments about being more careful with ->d_name.hash than with ->d_name.name are from back in 2.3.40s; they became obsolete by 2.3.60s, when we started to unhash the target instead of swapping hash chain positions followed by d_delete() as we used to do when dcache was first introduced. Acked-by: Miklos Szeredi Cc: Linus Torvalds Cc: Alexander Viro Cc: linux-fsdevel@vger.kernel.org Cc: stable@vger.kernel.org Fixes: da1ce0670c14 "vfs: add cross-rename" Signed-off-by: Mikhail Efremov Signed-off-by: Al Viro --- fs/dcache.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index 7599d35b4ae5..cb25a1a5e307 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2372,7 +2372,8 @@ void dentry_update_name_case(struct dentry *dentry, struct qstr *name) } EXPORT_SYMBOL(dentry_update_name_case); -static void switch_names(struct dentry *dentry, struct dentry *target) +static void switch_names(struct dentry *dentry, struct dentry *target, + bool exchange) { if (dname_external(target)) { if (dname_external(dentry)) { @@ -2406,6 +2407,12 @@ static void switch_names(struct dentry *dentry, struct dentry *target) */ unsigned int i; BUILD_BUG_ON(!IS_ALIGNED(DNAME_INLINE_LEN, sizeof(long))); + if (!exchange) { + memcpy(dentry->d_iname, target->d_name.name, + target->d_name.len + 1); + dentry->d_name.hash_len = target->d_name.hash_len; + return; + } for (i = 0; i < DNAME_INLINE_LEN / sizeof(long); i++) { swap(((long *) &dentry->d_iname)[i], ((long *) &target->d_iname)[i]); @@ -2456,12 +2463,15 @@ static void dentry_unlock_for_move(struct dentry *dentry, struct dentry *target) * When switching names, the actual string doesn't strictly have to * be preserved in the target - because we're dropping the target * anyway. As such, we can just do a simple memcpy() to copy over - * the new name before we switch. - * - * Note that we have to be a lot more careful about getting the hash - * switched - we have to switch the hash value properly even if it - * then no longer matches the actual (corrupted) string of the target. - * The hash value has to match the hash queue that the dentry is on.. + * the new name before we switch, unless we are going to rehash + * it. Note that if we *do* unhash the target, we are not allowed + * to rehash it without giving it a new name/hash key - whether + * we swap or overwrite the names here, resulting name won't match + * the reality in filesystem; it's only there for d_path() purposes. + * Note that all of this is happening under rename_lock, so the + * any hash lookup seeing it in the middle of manipulations will + * be discarded anyway. So we do not care what happens to the hash + * key in that case. */ /* * __d_move - move a dentry @@ -2507,9 +2517,8 @@ static void __d_move(struct dentry *dentry, struct dentry *target, d_hash(dentry->d_parent, dentry->d_name.hash)); } - /* Switch the names.. */ - switch_names(dentry, target); + switch_names(dentry, target, exchange); /* ... and switch them in the tree */ if (IS_ROOT(dentry)) { -- cgit v1.2.3