From patchwork Thu Aug 1 14:02:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 11070777 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 838ED746 for ; Thu, 1 Aug 2019 14:02:50 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7651728564 for ; Thu, 1 Aug 2019 14:02:50 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 75201286F3; Thu, 1 Aug 2019 14:02:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F135128564 for ; Thu, 1 Aug 2019 14:02:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731475AbfHAOCt (ORCPT ); Thu, 1 Aug 2019 10:02:49 -0400 Received: from mail-wm1-f68.google.com ([209.85.128.68]:35721 "EHLO mail-wm1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731335AbfHAOCt (ORCPT ); Thu, 1 Aug 2019 10:02:49 -0400 Received: by mail-wm1-f68.google.com with SMTP id l2so63281731wmg.0 for ; Thu, 01 Aug 2019 07:02:48 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=qAQOsSW3PZlCOOlV7G41FboY5NO3JDvgIsqYW8MdaEk=; b=AcrknMbWp8V68zJW8OKUBZ7EbALb+cxUb4O1ZmQH3ItFaQtcAaELY6JUkVi1FcNdLv 20yN5rMDNrA22C3ix6Pw8GvgDDb9bwIsvFerRbKGWQXaVBLHYKQ5QnFttstTHVswHZI+ YnsP161dttMUY1R5m4EAMpHerTp93NFCgvANgrXiZlHIbRIhDZ5BlLOQdjbNv6Z0CAbE LMlFkrZUZKXC3AKY0AiDBxeY2iSQ/YGah2I6dhQxGWmHIRtaX8p3qz6ZfzFHnvFUodCz 762hsADs69e8+6HN7J16SA2FVFJZ6y4dH4s4zqROl3514TpP/HO3Hmy1aWoYd2YlY5sc 78sg== X-Gm-Message-State: APjAAAV2Qz9XoRHtSCPUmZ6ipkVKc9OzkSUuFwWUCgH4o6qDAhLNMT7C fCtZ16J2ojiFM7LOS7/2e4bw4sTtxsA= X-Google-Smtp-Source: APXvYqwOoyiVZsMYZ8cQ5e9OGb1IvlPrdHbwXo+5ZDiPo/qYsmcC1ojfeFMhV57U40LtD/r6DkjFEg== X-Received: by 2002:a7b:c8c3:: with SMTP id f3mr53608258wml.124.1564668167154; Thu, 01 Aug 2019 07:02:47 -0700 (PDT) Received: from localhost.localdomain.com (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id z7sm69909162wrh.67.2019.08.01.07.02.46 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Thu, 01 Aug 2019 07:02:46 -0700 (PDT) From: Ondrej Mosnacek To: selinux@vger.kernel.org, Paul Moore Cc: Al Viro , linux-fsdevel@vger.kernel.org Subject: [PATCH v2 1/4] d_walk: optionally lock also parent inode Date: Thu, 1 Aug 2019 16:02:40 +0200 Message-Id: <20190801140243.24080-2-omosnace@redhat.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190801140243.24080-1-omosnace@redhat.com> References: <20190801140243.24080-1-omosnace@redhat.com> MIME-Version: 1.0 Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This will be used in a later patch to provide a function to safely perform d_genocide on live trees. Signed-off-by: Ondrej Mosnacek --- fs/dcache.c | 43 +++++++++++++++++++++++++++++++++---------- 1 file changed, 33 insertions(+), 10 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index e88cf0554e65..9ed4c0f99e57 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -1259,12 +1259,13 @@ enum d_walk_ret { /** * d_walk - walk the dentry tree * @parent: start of walk + * @lock_inode whether to lock also parent inode * @data: data passed to @enter() and @finish() * @enter: callback when first entering the dentry * * The @enter() callbacks are called with d_lock held. */ -static void d_walk(struct dentry *parent, void *data, +static void d_walk(struct dentry *parent, bool lock_inode, void *data, enum d_walk_ret (*enter)(void *, struct dentry *)) { struct dentry *this_parent; @@ -1276,6 +1277,8 @@ static void d_walk(struct dentry *parent, void *data, again: read_seqbegin_or_lock(&rename_lock, &seq); this_parent = parent; + if (lock_inode) + inode_lock(this_parent->d_inode); spin_lock(&this_parent->d_lock); ret = enter(data, this_parent); @@ -1319,9 +1322,21 @@ resume: if (!list_empty(&dentry->d_subdirs)) { spin_unlock(&this_parent->d_lock); - spin_release(&dentry->d_lock.dep_map, 1, _RET_IP_); + if (lock_inode) { + spin_unlock(&dentry->d_lock); + inode_unlock(this_parent->d_inode); + } else { + spin_release(&dentry->d_lock.dep_map, + 1, _RET_IP_); + } this_parent = dentry; - spin_acquire(&this_parent->d_lock.dep_map, 0, 1, _RET_IP_); + if (lock_inode) { + inode_lock(this_parent->d_inode); + spin_lock(&this_parent->d_lock); + } else { + spin_acquire(&this_parent->d_lock.dep_map, + 0, 1, _RET_IP_); + } goto repeat; } spin_unlock(&dentry->d_lock); @@ -1336,6 +1351,10 @@ ascend: this_parent = child->d_parent; spin_unlock(&child->d_lock); + if (lock_inode) { + inode_unlock(child->d_inode); + inode_lock(this_parent->d_inode); + } spin_lock(&this_parent->d_lock); /* might go back up the wrong parent if we have had a rename. */ @@ -1357,12 +1376,16 @@ ascend: out_unlock: spin_unlock(&this_parent->d_lock); + if (lock_inode) + inode_unlock(this_parent->d_inode); done_seqretry(&rename_lock, seq); return; rename_retry: - spin_unlock(&this_parent->d_lock); rcu_read_unlock(); + spin_unlock(&this_parent->d_lock); + if (lock_inode) + inode_unlock(this_parent->d_inode); BUG_ON(seq & 1); if (!retry) return; @@ -1402,7 +1425,7 @@ int path_has_submounts(const struct path *parent) struct check_mount data = { .mnt = parent->mnt, .mounted = 0 }; read_seqlock_excl(&mount_lock); - d_walk(parent->dentry, &data, path_check_mount); + d_walk(parent->dentry, false, &data, path_check_mount); read_sequnlock_excl(&mount_lock); return data.mounted; @@ -1541,7 +1564,7 @@ void shrink_dcache_parent(struct dentry *parent) struct select_data data = {.start = parent}; INIT_LIST_HEAD(&data.dispose); - d_walk(parent, &data, select_collect); + d_walk(parent, false, &data, select_collect); if (!list_empty(&data.dispose)) { shrink_dentry_list(&data.dispose); @@ -1552,7 +1575,7 @@ void shrink_dcache_parent(struct dentry *parent) if (!data.found) break; data.victim = NULL; - d_walk(parent, &data, select_collect2); + d_walk(parent, false, &data, select_collect2); if (data.victim) { struct dentry *parent; spin_lock(&data.victim->d_lock); @@ -1599,7 +1622,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) static void do_one_tree(struct dentry *dentry) { shrink_dcache_parent(dentry); - d_walk(dentry, dentry, umount_check); + d_walk(dentry, false, dentry, umount_check); d_drop(dentry); dput(dentry); } @@ -1656,7 +1679,7 @@ void d_invalidate(struct dentry *dentry) shrink_dcache_parent(dentry); for (;;) { struct dentry *victim = NULL; - d_walk(dentry, &victim, find_submount); + d_walk(dentry, false, &victim, find_submount); if (!victim) { if (had_submounts) shrink_dcache_parent(dentry); @@ -3106,7 +3129,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) void d_genocide(struct dentry *parent) { - d_walk(parent, parent, d_genocide_kill); + d_walk(parent, false, parent, d_genocide_kill); } EXPORT_SYMBOL(d_genocide); From patchwork Thu Aug 1 14:02:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 11070785 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9DB741890 for ; Thu, 1 Aug 2019 14:02:51 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 90A5C286EE for ; Thu, 1 Aug 2019 14:02:51 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8F094285D1; Thu, 1 Aug 2019 14:02:51 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3644F286F2 for ; Thu, 1 Aug 2019 14:02:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730502AbfHAOCu (ORCPT ); Thu, 1 Aug 2019 10:02:50 -0400 Received: from mail-wm1-f66.google.com ([209.85.128.66]:51210 "EHLO mail-wm1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730581AbfHAOCu (ORCPT ); Thu, 1 Aug 2019 10:02:50 -0400 Received: by mail-wm1-f66.google.com with SMTP id 207so64796053wma.1 for ; Thu, 01 Aug 2019 07:02:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=NVoAsHIZkuqGu1B9h4zcpi2CkI6wnGm5HImJow5hag0=; b=qohK3viQhJeMTdr3j85ZFBpSQLZerHiBFqBiGsC+mwNIeEcTvZ6/ggKPbHcoxrr++8 dKEDhZBJX34YmWtVYdDY/zSStnFSgddIvhthGmE7tipkJT43CQlAqiJ+Lt+cX7ybkN0H i1Yq5brp6/7u78zjQXm7nTjBj3CiD9QlgP++p+AnQc+6RLnEmmk5he6iZZvRmhhoa9s9 oUSXfm52Z3caJDdqtHa0yS+vRV0+GMSoX9qhlBaZ1YeydTOKy7yfCv96iqOa0ZKKXXZh rXTcwpyST+k3E0kh86beY9fLXfG39uU73d549Dw2S8xoByYeA4BJipHhbZdiXlMmw2gn uhiQ== X-Gm-Message-State: APjAAAV/THc1uNq4WtbD6FA3g80Imz0LxnJCCpbVolyh3S/hnA9ApfJi 7fHRKo2h80q5YGoGdzoIJnYWC5uhoRI= X-Google-Smtp-Source: APXvYqyq38Dtjc6r/Z1L3RuAkckNyKmI3TkmfNNClGNXNgfmgTm6XN9lLApcFKx8KcKrOj64CmAWRA== X-Received: by 2002:a1c:4054:: with SMTP id n81mr17907918wma.78.1564668168090; Thu, 01 Aug 2019 07:02:48 -0700 (PDT) Received: from localhost.localdomain.com (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id z7sm69909162wrh.67.2019.08.01.07.02.47 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Thu, 01 Aug 2019 07:02:47 -0700 (PDT) From: Ondrej Mosnacek To: selinux@vger.kernel.org, Paul Moore Cc: Al Viro , linux-fsdevel@vger.kernel.org Subject: [PATCH v2 2/4] d_walk: add leave callback Date: Thu, 1 Aug 2019 16:02:41 +0200 Message-Id: <20190801140243.24080-3-omosnace@redhat.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190801140243.24080-1-omosnace@redhat.com> References: <20190801140243.24080-1-omosnace@redhat.com> MIME-Version: 1.0 Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Add an optional callback that gets called when d_walk is *leaving* a dentry. This will be used in a later patch to provide a function to safely perform d_genocide on live trees. Signed-off-by: Ondrej Mosnacek --- fs/dcache.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index 9ed4c0f99e57..70afcb6e6892 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -1260,13 +1260,15 @@ enum d_walk_ret { * d_walk - walk the dentry tree * @parent: start of walk * @lock_inode whether to lock also parent inode - * @data: data passed to @enter() and @finish() + * @data: data passed to @enter() and @leave() * @enter: callback when first entering the dentry + * @leave: callback when leaving the dentry * * The @enter() callbacks are called with d_lock held. */ static void d_walk(struct dentry *parent, bool lock_inode, void *data, - enum d_walk_ret (*enter)(void *, struct dentry *)) + enum d_walk_ret (*enter)(void *, struct dentry *), + void (*leave)(void *, struct dentry *)) { struct dentry *this_parent; struct list_head *next; @@ -1339,6 +1341,8 @@ resume: } goto repeat; } + if (leave) + leave(data, dentry); spin_unlock(&dentry->d_lock); } /* @@ -1350,6 +1354,8 @@ ascend: struct dentry *child = this_parent; this_parent = child->d_parent; + if (leave) + leave(data, child); spin_unlock(&child->d_lock); if (lock_inode) { inode_unlock(child->d_inode); @@ -1370,6 +1376,8 @@ ascend: rcu_read_unlock(); goto resume; } + if (leave) + leave(data, parent); if (need_seqretry(&rename_lock, seq)) goto rename_retry; rcu_read_unlock(); @@ -1425,7 +1433,7 @@ int path_has_submounts(const struct path *parent) struct check_mount data = { .mnt = parent->mnt, .mounted = 0 }; read_seqlock_excl(&mount_lock); - d_walk(parent->dentry, false, &data, path_check_mount); + d_walk(parent->dentry, false, &data, path_check_mount, NULL); read_sequnlock_excl(&mount_lock); return data.mounted; @@ -1564,7 +1572,7 @@ void shrink_dcache_parent(struct dentry *parent) struct select_data data = {.start = parent}; INIT_LIST_HEAD(&data.dispose); - d_walk(parent, false, &data, select_collect); + d_walk(parent, false, &data, select_collect, NULL); if (!list_empty(&data.dispose)) { shrink_dentry_list(&data.dispose); @@ -1575,7 +1583,7 @@ void shrink_dcache_parent(struct dentry *parent) if (!data.found) break; data.victim = NULL; - d_walk(parent, false, &data, select_collect2); + d_walk(parent, false, &data, select_collect2, NULL); if (data.victim) { struct dentry *parent; spin_lock(&data.victim->d_lock); @@ -1622,7 +1630,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) static void do_one_tree(struct dentry *dentry) { shrink_dcache_parent(dentry); - d_walk(dentry, false, dentry, umount_check); + d_walk(dentry, false, dentry, umount_check, NULL); d_drop(dentry); dput(dentry); } @@ -1679,7 +1687,7 @@ void d_invalidate(struct dentry *dentry) shrink_dcache_parent(dentry); for (;;) { struct dentry *victim = NULL; - d_walk(dentry, false, &victim, find_submount); + d_walk(dentry, false, &victim, find_submount, NULL); if (!victim) { if (had_submounts) shrink_dcache_parent(dentry); @@ -3129,7 +3137,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) void d_genocide(struct dentry *parent) { - d_walk(parent, false, parent, d_genocide_kill); + d_walk(parent, false, parent, d_genocide_kill, NULL); } EXPORT_SYMBOL(d_genocide); From patchwork Thu Aug 1 14:02:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 11070789 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1EFEE1399 for ; Thu, 1 Aug 2019 14:02:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 11B1C286F3 for ; Thu, 1 Aug 2019 14:02:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 05D45286E2; Thu, 1 Aug 2019 14:02:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E51C4286F1 for ; Thu, 1 Aug 2019 14:02:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730544AbfHAOCw (ORCPT ); Thu, 1 Aug 2019 10:02:52 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:35438 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731334AbfHAOCv (ORCPT ); Thu, 1 Aug 2019 10:02:51 -0400 Received: by mail-wr1-f66.google.com with SMTP id y4so73741103wrm.2 for ; Thu, 01 Aug 2019 07:02:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=mJn6mUYEYLeEvyAEs0120wh2ye8ZXvWXPoyVrBnKS2s=; b=a82EuDSNK6xJ9od3GeB6Flik20mVS8bkEV+0XQ35e3+oGBhEgXE2EuRngkcN2Z799L rEegkUM2plhy7YlR/RiBMqwumEDHWYTC77jPS4F0hG8uQ3g8RoThR801Hksc9zQVl8fe pumkcxGiItfDNpVIbfeDt3oD8HemjBTs0yYK4jp+mojU3x+AMlk/RvgsUBHQZbIBU56b VX6F8oqbqZ4kOyzvdg893cPWbuxtaGBQ1eMitw8i2zgQAwu7bX0tkJVMUoAQEE5HfDp8 xkeOVEfB6v9k8rQ9fAE2aPDg6P/IcgdD02VRWwDKTmGwIT1nRDeJVTvQqiJs49mpP9Qm WylA== X-Gm-Message-State: APjAAAXUnfN3v+bCftpUAIdEY936bt/lTs+lMDnPUnRXunPrC0EdEM3e fg/Qqus1SmNj3Li658uc1wrNaSyrwgg= X-Google-Smtp-Source: APXvYqycPbmdqDDFF167loGujYRAmgAcJOv7PBWaUQzfjx70b5H9CGMf56RqiPGlGFmHgztjQAPHUw== X-Received: by 2002:adf:b64b:: with SMTP id i11mr6646495wre.205.1564668169029; Thu, 01 Aug 2019 07:02:49 -0700 (PDT) Received: from localhost.localdomain.com (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id z7sm69909162wrh.67.2019.08.01.07.02.48 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Thu, 01 Aug 2019 07:02:48 -0700 (PDT) From: Ondrej Mosnacek To: selinux@vger.kernel.org, Paul Moore Cc: Al Viro , linux-fsdevel@vger.kernel.org Subject: [PATCH v2 3/4] dcache: introduce d_genocide_safe() Date: Thu, 1 Aug 2019 16:02:42 +0200 Message-Id: <20190801140243.24080-4-omosnace@redhat.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190801140243.24080-1-omosnace@redhat.com> References: <20190801140243.24080-1-omosnace@redhat.com> MIME-Version: 1.0 Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This patch adds a slightly modified variant of d_genocide() that works safely on live (ramfs-like) trees. This function is needed for a safe implementation of sel_remove_entries() in selinuxfs. This new function differs from the original d_genocide in the following: 1. It locks the parent inode when traversing the dentries. 2. It first unhashes the dentry using __d_drop() before dropping the refcount and marking the dentry. 3. It does its business in the leave callback so that each dentry is unhashed after its children -- otherwise some dentries might never get traversed when d_walk() is restarted internally. The combination of (1.) and (2.) is needed to avoid racing with dcache_readdir(), which relies on the assumption that any simple_positive() child dentry will not turn negative without locking the parent inode for writing. Signed-off-by: Ondrej Mosnacek --- fs/dcache.c | 32 ++++++++++++++++++++++++++++++++ include/linux/dcache.h | 1 + 2 files changed, 33 insertions(+) diff --git a/fs/dcache.c b/fs/dcache.c index 70afcb6e6892..f6d667120c1e 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -3142,6 +3142,38 @@ void d_genocide(struct dentry *parent) EXPORT_SYMBOL(d_genocide); +static enum d_walk_ret d_genocide_safe_enter(void *data, struct dentry *dentry) +{ + struct dentry *root = data; + + if (dentry != root && !simple_positive(dentry)) + return D_WALK_SKIP; + + return D_WALK_CONTINUE; +} + +static void d_genocide_safe_leave(void *data, struct dentry *dentry) +{ + struct dentry *root = data; + + if (dentry != root) { + __d_drop(dentry); + + if (!(dentry->d_flags & DCACHE_GENOCIDE)) { + dentry->d_flags |= DCACHE_GENOCIDE; + dentry->d_lockref.count--; + } + } +} + +void d_genocide_safe(struct dentry *parent) +{ + d_walk(parent, true, parent, d_genocide_safe_enter, + d_genocide_safe_leave); +} + +EXPORT_SYMBOL(d_genocide_safe); + void d_tmpfile(struct dentry *dentry, struct inode *inode) { inode_dec_link_count(inode); diff --git a/include/linux/dcache.h b/include/linux/dcache.h index 9451011ac014..6d787c26e901 100644 --- a/include/linux/dcache.h +++ b/include/linux/dcache.h @@ -253,6 +253,7 @@ extern struct dentry * d_make_root(struct inode *); /* - the ramfs-type tree */ extern void d_genocide(struct dentry *); +extern void d_genocide_safe(struct dentry *parent); extern void d_tmpfile(struct dentry *, struct inode *); From patchwork Thu Aug 1 14:02:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 11070791 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DB3F1746 for ; Thu, 1 Aug 2019 14:02:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CDAA5286F2 for ; Thu, 1 Aug 2019 14:02:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CC129286FB; Thu, 1 Aug 2019 14:02:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4A845286F2 for ; Thu, 1 Aug 2019 14:02:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731468AbfHAOCx (ORCPT ); Thu, 1 Aug 2019 10:02:53 -0400 Received: from mail-wm1-f68.google.com ([209.85.128.68]:51074 "EHLO mail-wm1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730581AbfHAOCw (ORCPT ); Thu, 1 Aug 2019 10:02:52 -0400 Received: by mail-wm1-f68.google.com with SMTP id v15so64798738wml.0 for ; Thu, 01 Aug 2019 07:02:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Q9l8o0YUUYULIRBa/EVzGkj6Ut5sD4tK2q63xppuwv8=; b=ieZB/kcfBSeK5fJqRGAQi5VsPZpAWoCuY8W7nzQSbDowR9U1U399/mXxpQ5FDQFTes 6y6CnwdZYEaPHCThpOo4ShlZUkO5pzJNUsn26iWEjX+T+urtZ307bvdHTMHNZQIqyAAO X8uOMIG894pLSAQgD1u9O+D4b8mEgPT/dljNrfzY7KLnkt2O10pEvwaq//DYRvKEXWnb QYZI2HKHhWon9qC4iOaomFGGqiwKrIhaKq9di7HKrMusRJfQTZRfEJgTxTVNy9hE27/o wVrS+QU+HS4dAvG16ZLPRx8PUFgVZxxc+RskeBtCDO0CdwhieEkZ/5oJy+ibUGdxY6Zs mDsQ== X-Gm-Message-State: APjAAAV1lW/PbGSrvegIEMU+MqIuqOzP8FXt1SkiJAn/8CKfeiB5dZ3R W5uqbwGSDr6tEdARpcE+hXNLxzEmQ8g= X-Google-Smtp-Source: APXvYqzXEb+285MZOoJB+6F3vWCSdWbbUe7nEOtmuU/D3ChtMO2hzcI+kZ/rCC+3PLbqLbag6JyNaQ== X-Received: by 2002:a1c:f018:: with SMTP id a24mr113136377wmb.66.1564668169963; Thu, 01 Aug 2019 07:02:49 -0700 (PDT) Received: from localhost.localdomain.com (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id z7sm69909162wrh.67.2019.08.01.07.02.49 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Thu, 01 Aug 2019 07:02:49 -0700 (PDT) From: Ondrej Mosnacek To: selinux@vger.kernel.org, Paul Moore Cc: Al Viro , linux-fsdevel@vger.kernel.org Subject: [PATCH v2 4/4] selinux: use d_genocide_safe() in selinuxfs Date: Thu, 1 Aug 2019 16:02:43 +0200 Message-Id: <20190801140243.24080-5-omosnace@redhat.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190801140243.24080-1-omosnace@redhat.com> References: <20190801140243.24080-1-omosnace@redhat.com> MIME-Version: 1.0 Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Letting the following set of commands run long enough on a machine with at least 3 CPU threads causes soft lockups in the kernel: (cd /sys/fs/selinux/; while true; do find >/dev/null 2>&1; done) & (cd /sys/fs/selinux/; while true; do find >/dev/null 2>&1; done) & (cd /sys/fs/selinux/; while true; do find >/dev/null 2>&1; done) & while true; do load_policy; echo -n .; sleep 0.1; done The problem is that sel_remove_entries() removes the old selinuxfs entries using d_genocide() + shrink_dcache_parent(), which is not safe to do on live trees that are still exposed to userspace. Specifically, it races with dcache_readdir(), which expects that while a dentry's inode is locked, its (positive) children cannot get unlisted, because both unlink() and rmdir() lock the parent inode first. Therefore, use the newly introduced d_genocide_safe() instead of d_genocide(), which fixes this issue. Bug tracker links: * SELinux GitHub: https://github.com/SELinuxProject/selinux-kernel/issues/42 * Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1510603 Fixes: ad52184b705c ("selinuxfs: don't open-code d_genocide()") Signed-off-by: Ondrej Mosnacek --- security/selinux/selinuxfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index e6c7643c3fc0..58d1949e5faf 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1317,7 +1317,7 @@ static const struct file_operations sel_commit_bools_ops = { static void sel_remove_entries(struct dentry *de) { - d_genocide(de); + d_genocide_safe(de); shrink_dcache_parent(de); }