lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Mar 2008 10:31:38 +0100 From: Jan Kara <jack@...e.cz> To: Andrew Morton <akpm@...ux-foundation.org> Cc: dgc@....com, wfg@...l.ustc.edu.cn, linux-kernel@...r.kernel.org Subject: Re: [PATCH] vfs: Fix lock inversion in drop_pagecache_sb() On Tue 25-03-08 12:53:54, Andrew Morton wrote: > On Tue, 25 Mar 2008 19:12:27 +0100 > Jan Kara <jack@...e.cz> wrote: > > > Fix longstanding lock inversion in drop_pagecache_sb by dropping inode_lock > > before calling __invalidate_mapping_pages(). We just have to make sure > > inode won't go away from under us by keeping reference to it and putting > > the reference only after we have safely resumed the scan of the inode > > list. A bit tricky but not too bad... > > > > Signed-off-by: Jan Kara <jack@...e.cz> > > CC: Fengguang Wu <wfg@...l.ustc.edu.cn> > > CC: David Chinner <dgc@....com> > > > > --- > > fs/drop_caches.c | 8 +++++++- > > 1 files changed, 7 insertions(+), 1 deletions(-) > > > > diff --git a/fs/drop_caches.c b/fs/drop_caches.c > > index 59375ef..f5aae26 100644 > > --- a/fs/drop_caches.c > > +++ b/fs/drop_caches.c > > @@ -14,15 +14,21 @@ int sysctl_drop_caches; > > > > static void drop_pagecache_sb(struct super_block *sb) > > { > > - struct inode *inode; > > + struct inode *inode, *toput_inode = NULL; > > > > spin_lock(&inode_lock); > > list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { > > if (inode->i_state & (I_FREEING|I_WILL_FREE)) > > continue; > > OT: it might be worth having an `if (mapping->nrpages==0) continue' here. Good idea. I'll send a patch in a minute. > > + __iget(inode); > > + spin_unlock(&inode_lock); > > __invalidate_mapping_pages(inode->i_mapping, 0, -1, true); > > + iput(toput_inode); > > + toput_inode = inode; > > + spin_lock(&inode_lock); > > } > > spin_unlock(&inode_lock); > > + iput(toput_inode); > > } > > > > void drop_pagecache(void) > > hrm. So we have a random ref on an inode without holding inode_lock. If > we race with invalidate_list() we end up with an inode stuck on s_inodes > and "Self-destruct in 5 seconds. Have a nice day...", don't we? We hold s_umount for reading so we should be safe against someone trying to do umount. We could possibly race with invalidate_list() called from check_disk_change() but removing media without unmounting is a bad behavior anyway. So I think we are fine. Honza -- Jan Kara <jack@...e.cz> SUSE Labs, CR -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists