| Message ID | 55de39ad.N03/N28MqAInBiTy%akpm@linux-foundation.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Wed, Aug 26, 2015 at 03:11:57PM -0700, Andrew Morton wrote: > From: Tariq Saeed <tariq.x.saeed@oracle.com> > Subject: ocfs2: take inode lock in ocfs2_iop_set/get_acl() > > Orabug: 20189959 > > This bug in mainline code is pointed out by Mark Fasheh. When > ocfs2_iop_set_acl() and ocfs2_iop_get_acl() are entered from VFS layer, > inode lock is not held. This seems to be regression from older kernels. > The patch is to fix that. > > Signed-off-by: Tariq Saeed <tariq.x.saeed@oracle.com> > Cc: Mark Fasheh <mfasheh@suse.com> > Cc: Joel Becker <jlbec@evilplan.org> > Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Thank you for fixing this Tariq, Reviewed-by: Mark Fasheh <mfasheh@suse.de> -- Mark Fasheh
On 08/31/2015 12:44 PM, Mark Fasheh wrote: > On Wed, Aug 26, 2015 at 03:11:57PM -0700, Andrew Morton wrote: >> From: Tariq Saeed <tariq.x.saeed@oracle.com> >> Subject: ocfs2: take inode lock in ocfs2_iop_set/get_acl() >> >> Orabug: 20189959 >> >> This bug in mainline code is pointed out by Mark Fasheh. When >> ocfs2_iop_set_acl() and ocfs2_iop_get_acl() are entered from VFS layer, >> inode lock is not held. This seems to be regression from older kernels. >> The patch is to fix that. >> >> Signed-off-by: Tariq Saeed <tariq.x.saeed@oracle.com> >> Cc: Mark Fasheh <mfasheh@suse.com> >> Cc: Joel Becker <jlbec@evilplan.org> >> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> > Thank you for fixing this Tariq, > > Reviewed-by: Mark Fasheh <mfasheh@suse.de> > > -- > Mark Fasheh Hi Mark, I realized that taking inode lock at vfs entry points opens up a self deadlock window if a remote conversion req to EX is blocked. The reason is this code path. fchmod|fchmodat -> chmod_common -> notify_change -> ocfs2_setattr (takes inode lock EX) <<==== -> posix_acl_chmod -> get_acl -> ocfs2_iop_get_acl (inode lock PR blocks behind remote EX conv) * -> ocfs2_iop_set_acl (inode lock EX blocks behind remote EX conv) * * - self deadlock I think this can be solved by introducing a flag OCFS2_LOCK_RECURSIVE to ocfs2_cluster_lock(). The meaning of this flag is this. If the requesting level is <= lockres->l_level, in that case ignore OCFS2_LOCK_BLOCKED and just inc the holder count. This will work for all req levels if l_level is EX. if (lockres->l_flags & OCFS2_LOCK_BLOCKED && !ocfs2_may_continue_on_blocked_lock(lockres, level) || !(arg_flags & (OCFS2_LOCK_RECURSIVE) ... ocfs2_iop_get|set_acl() will pass OCFS2_LOCK_RECURSIVE to ocfs2_cluster_lock(). I am looking for suggestions. Thanks -Tariq Saeed
On 09/01/2015 06:47 PM, Tariq Saeed wrote: > > if (lockres->l_flags & OCFS2_LOCK_BLOCKED && > !ocfs2_may_continue_on_blocked_lock(lockres, level) || > !(arg_flags & (OCFS2_LOCK_RECURSIVE) ... > Sorry, typo. The '||' should be '&&' above. Thanks, -Tariq Saeed
diff -puN fs/ocfs2/acl.c~resubmit-ocfs2_iop_set-get_acl-called-from-the-vfs-so-take-inode-lock-v2second-version fs/ocfs2/acl.c --- a/fs/ocfs2/acl.c~resubmit-ocfs2_iop_set-get_acl-called-from-the-vfs-so-take-inode-lock-v2second-version +++ a/fs/ocfs2/acl.c @@ -284,7 +284,19 @@ int ocfs2_set_acl(handle_t *handle, int ocfs2_iop_set_acl(struct inode *inode, struct posix_acl *acl, int type) { - return ocfs2_set_acl(NULL, inode, NULL, type, acl, NULL, NULL); + struct buffer_head *bh = NULL; + int status = 0; + + status = ocfs2_inode_lock(inode, &bh, 1); + if (status < 0) { + if (status != -ENOENT) + mlog_errno(status); + return status; + } + status = ocfs2_set_acl(NULL, inode, bh, type, acl, NULL, NULL); + ocfs2_inode_unlock(inode, 1); + brelse(bh); + return status; } struct posix_acl *ocfs2_iop_get_acl(struct inode *inode, int type) @@ -292,19 +304,21 @@ struct posix_acl *ocfs2_iop_get_acl(stru struct ocfs2_super *osb; struct buffer_head *di_bh = NULL; struct posix_acl *acl; - int ret = -EAGAIN; + int ret; osb = OCFS2_SB(inode->i_sb); if (!(osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL)) return NULL; - - ret = ocfs2_read_inode_block(inode, &di_bh); - if (ret < 0) + ret = ocfs2_inode_lock(inode, &di_bh, 0); + if (ret < 0) { + if (ret != -ENOENT) + mlog_errno(ret); return ERR_PTR(ret); + } acl = ocfs2_get_acl_nolock(inode, type, di_bh); + ocfs2_inode_unlock(inode, 0); brelse(di_bh); - return acl; }