From patchwork Fri May 17 16:10:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Wengang Wang X-Patchwork-Id: 10948177 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 301421398 for ; Fri, 17 May 2019 16:06:59 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1D2DB26E79 for ; Fri, 17 May 2019 16:06:59 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0E51527F86; Fri, 17 May 2019 16:06:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=2.0 tests=AC_FROM_MANY_DOTS,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from userp2120.oracle.com (userp2120.oracle.com [156.151.31.85]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 8DDF826E79 for ; Fri, 17 May 2019 16:06:58 +0000 (UTC) Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x4HG3teT167867; Fri, 17 May 2019 16:06:41 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : date : message-id : subject : list-id : list-unsubscribe : list-archive : list-post : list-help : list-subscribe : mime-version : content-type : content-transfer-encoding : sender; s=corp-2018-07-02; bh=j7Fg1K/2hiPAt0dVZfH3mBj0q1otg4k9pvgxoZN1MpU=; b=c6kOB9jL3ORVo/CRwqk5ZK8T4JGmqW7XcIUqwpVS4gnz//2erWGTGk5cSIekpEGukRA4 +3CGmc5jzSSdPSpI/fh1NzQVhXoVWVhayzUGlIplXAAI25t2gxCGc9R6yttTvzyglKQl x61mHVkQ3Jw0Q/mUF/tCFOIms/1I5aIzUAv2IdBcSP0bWZSOQxKjKuqspvd30/nKc2uH X4LMmVG1r0Y8AunSc8vemRqehTdtxJRmN7xf/150Uyt00DDBGj9B/oqoe2nfoeStHV0d 1TVBJt8oPNoA4HF8GhpIaIjgqdD8oW5n70ERsh3bpzwjQo7tEzR21UhqyygygCTiRDxz PQ== Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by userp2120.oracle.com with ESMTP id 2sdq1r2n93-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 17 May 2019 16:06:40 +0000 Received: from oss.oracle.com (oss-old-reserved.oracle.com [137.254.22.2]) by aserv0021.oracle.com (8.14.4/8.14.4) with ESMTP id x4HG6duc018825 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 17 May 2019 16:06:39 GMT Received: from localhost ([127.0.0.1] helo=lb-oss.oracle.com) by oss.oracle.com with esmtp (Exim 4.63) (envelope-from ) id 1hRfNX-0007He-0B; Fri, 17 May 2019 09:06:39 -0700 Received: from userp3020.oracle.com ([156.151.31.79]) by oss.oracle.com with esmtp (Exim 4.63) (envelope-from ) id 1hRfNV-0007Gx-50 for ocfs2-devel@oss.oracle.com; Fri, 17 May 2019 09:06:37 -0700 Received: from pps.filterd (userp3020.oracle.com [127.0.0.1]) by userp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x4HG5jXl136003 for ; Fri, 17 May 2019 16:06:36 GMT Authentication-Results: aserp3010.oracle.com; spf=pass smtp.mailfrom=wen.gang.wang@oracle.com; dmarc=pass header.from=oracle.com Received: from pps.reinject (localhost [127.0.0.1]) by userp3020.oracle.com with ESMTP id 2shh5h5d6y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Fri, 17 May 2019 16:06:36 +0000 Received: from userp3020.oracle.com (userp3020.oracle.com [127.0.0.1]) by pps.reinject (8.16.0.27/8.16.0.27) with SMTP id x4HG6alJ138370 for ; Fri, 17 May 2019 16:06:36 GMT Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by userp3020.oracle.com with ESMTP id 2shh5h5d6v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 17 May 2019 16:06:36 +0000 Received: from abhmp0015.oracle.com (abhmp0015.oracle.com [141.146.116.21]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id x4HG6ZXj032228; Fri, 17 May 2019 16:06:35 GMT Received: from oracle.com (/10.211.52.31) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 17 May 2019 09:06:35 -0700 From: Wengang Wang To: ocfs2-devel@oss.oracle.com Date: Fri, 17 May 2019 09:10:04 -0700 Message-Id: <20190517161004.3002-1-wen.gang.wang@oracle.com> X-Mailer: git-send-email 2.13.6 Subject: [Ocfs2-devel] [PATCH v3] fs/ocfs2: fix race in ocfs2_dentry_attach_lock X-BeenThere: ocfs2-devel@oss.oracle.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ocfs2-devel-bounces@oss.oracle.com Errors-To: ocfs2-devel-bounces@oss.oracle.com X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9260 signatures=668687 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=9 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905170098 X-Virus-Scanned: ClamAV using ClamSMTP ocfs2_dentry_attach_lock() can be executed in parallel threads against the same dentry. Make that race safe. The race is like this: thread A thread B (A1) enter ocfs2_dentry_attach_lock, seeing dentry->d_fsdata is NULL, and no alias found by ocfs2_find_local_alias, so kmalloc a new ocfs2_dentry_lock structure to local variable "dl", dl1 ..... (B1) enter ocfs2_dentry_attach_lock, seeing dentry->d_fsdata is NULL, and no alias found by ocfs2_find_local_alias so kmalloc a new ocfs2_dentry_lock structure to local variable "dl", dl2. ...... (A2) set dentry->d_fsdata with dl1, call ocfs2_dentry_lock() and increase dl1->dl_lockres.l_ro_holders to 1 on success. ...... (B2) set dentry->d_fsdata with dl2 call ocfs2_dentry_lock() and increase dl2->dl_lockres.l_ro_holders to 1 on success. ...... (A3) call ocfs2_dentry_unlock() and decrease dl2->dl_lockres.l_ro_holders to 0 on success. .... (B3) call ocfs2_dentry_unlock(), decreasing dl2->dl_lockres.l_ro_holders, but see it's zero now, panic Signed-off-by: Wengang Wang Reported-by: Daniel Sobe Tested-by: Daniel Sobe Reviewed-by: Changwei Ge --- v3: add Reviewed-by, Reported-by and Tested-by only v2: 1) removed lock on dentry_attach_lock at the first access of dentry->d_fsdata since it helps very little. 2) do cleanups before freeing the duplicated dl 3) return after freeing the duplicated dl found. --- fs/ocfs2/dcache.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/fs/ocfs2/dcache.c b/fs/ocfs2/dcache.c index 290373024d9d..0d220a66297e 100644 --- a/fs/ocfs2/dcache.c +++ b/fs/ocfs2/dcache.c @@ -230,6 +230,7 @@ int ocfs2_dentry_attach_lock(struct dentry *dentry, int ret; struct dentry *alias; struct ocfs2_dentry_lock *dl = dentry->d_fsdata; + struct ocfs2_dentry_lock *dl_free_on_race = NULL; trace_ocfs2_dentry_attach_lock(dentry->d_name.len, dentry->d_name.name, (unsigned long long)parent_blkno, dl); @@ -310,10 +311,21 @@ int ocfs2_dentry_attach_lock(struct dentry *dentry, out_attach: spin_lock(&dentry_attach_lock); - dentry->d_fsdata = dl; - dl->dl_count++; + /* d_fsdata could be set by parallel thread */ + if (unlikely(dentry->d_fsdata && !alias)) { + dl_free_on_race = dl; + } else { + dentry->d_fsdata = dl; + dl->dl_count++; + } spin_unlock(&dentry_attach_lock); + if (unlikely(dl_free_on_race)) { + iput(dl_free_on_race->dl_inode); + ocfs2_lock_res_free(&dl_free_on_race->dl_lockres); + kfree(dl_free_on_race); + return 0; + } /* * This actually gets us our PRMODE level lock. From now on, * we'll have a notification if one of these names is