mirror of
https://github.com/torvalds/linux
synced 2024-11-05 18:23:50 +00:00
330033d697
xfstests generic/004 reproduces an ilock deadlock using the tmpfile interface when selinux is enabled. This occurs because xfs_create_tmpfile() takes the ilock and then calls d_tmpfile(). The latter eventually calls into xfs_xattr_get() which attempts to get the lock again. E.g.: xfs_io D ffffffff81c134c0 4096 3561 3560 0x00000080 ffff8801176a1a68 0000000000000046 ffff8800b401b540 ffff8801176a1fd8 00000000001d5800 00000000001d5800 ffff8800b401b540 ffff8800b401b540 ffff8800b73a6bd0 fffffffeffffffff ffff8800b73a6bd8 ffff8800b5ddb480 Call Trace: [<ffffffff8177f969>] schedule+0x29/0x70 [<ffffffff81783a65>] rwsem_down_read_failed+0xc5/0x120 [<ffffffffa05aa97f>] ? xfs_ilock_attr_map_shared+0x1f/0x50 [xfs] [<ffffffff813b3434>] call_rwsem_down_read_failed+0x14/0x30 [<ffffffff810ed179>] ? down_read_nested+0x89/0xa0 [<ffffffffa05aa7f2>] ? xfs_ilock+0x122/0x250 [xfs] [<ffffffffa05aa7f2>] xfs_ilock+0x122/0x250 [xfs] [<ffffffffa05aa97f>] xfs_ilock_attr_map_shared+0x1f/0x50 [xfs] [<ffffffffa05701d0>] xfs_attr_get+0x90/0xe0 [xfs] [<ffffffffa0565e07>] xfs_xattr_get+0x37/0x50 [xfs] [<ffffffff8124842f>] generic_getxattr+0x4f/0x70 [<ffffffff8133fd9e>] inode_doinit_with_dentry+0x1ae/0x650 [<ffffffff81340e0c>] selinux_d_instantiate+0x1c/0x20 [<ffffffff813351bb>] security_d_instantiate+0x1b/0x30 [<ffffffff81237db0>] d_instantiate+0x50/0x70 [<ffffffff81237e85>] d_tmpfile+0xb5/0xc0 [<ffffffffa05add02>] xfs_create_tmpfile+0x362/0x410 [xfs] [<ffffffffa0559ac8>] xfs_vn_tmpfile+0x18/0x20 [xfs] [<ffffffff81230388>] path_openat+0x228/0x6a0 [<ffffffff810230f9>] ? sched_clock+0x9/0x10 [<ffffffff8105a427>] ? kvm_clock_read+0x27/0x40 [<ffffffff8124054f>] ? __alloc_fd+0xaf/0x1f0 [<ffffffff8123101a>] do_filp_open+0x3a/0x90 [<ffffffff817845e7>] ? _raw_spin_unlock+0x27/0x40 [<ffffffff8124054f>] ? __alloc_fd+0xaf/0x1f0 [<ffffffff8121e3ce>] do_sys_open+0x12e/0x210 [<ffffffff8121e4ce>] SyS_open+0x1e/0x20 [<ffffffff8178eda9>] system_call_fastpath+0x16/0x1b xfs_vn_tmpfile() also fails to initialize security on the newly created inode. Pull the d_tmpfile() call up into xfs_vn_tmpfile() after the transaction has been committed and the inode unlocked. Also, initialize security on the inode based on the parent directory provided via the tmpfile call. Signed-off-by: Brian Foster <bfoster@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Dave Chinner <david@fromorbit.com> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| kmem.c | ||
| kmem.h | ||
| Makefile | ||
| mrlock.h | ||
| time.h | ||
| uuid.c | ||
| uuid.h | ||
| xfs.h | ||
| xfs_acl.c | ||
| xfs_acl.h | ||
| xfs_ag.h | ||
| xfs_alloc.c | ||
| xfs_alloc.h | ||
| xfs_alloc_btree.c | ||
| xfs_alloc_btree.h | ||
| xfs_aops.c | ||
| xfs_aops.h | ||
| xfs_attr.c | ||
| xfs_attr.h | ||
| xfs_attr_inactive.c | ||
| xfs_attr_leaf.c | ||
| xfs_attr_leaf.h | ||
| xfs_attr_list.c | ||
| xfs_attr_remote.c | ||
| xfs_attr_remote.h | ||
| xfs_attr_sf.h | ||
| xfs_bit.c | ||
| xfs_bit.h | ||
| xfs_bmap.c | ||
| xfs_bmap.h | ||
| xfs_bmap_btree.c | ||
| xfs_bmap_btree.h | ||
| xfs_bmap_util.c | ||
| xfs_bmap_util.h | ||
| xfs_btree.c | ||
| xfs_btree.h | ||
| xfs_buf.c | ||
| xfs_buf.h | ||
| xfs_buf_item.c | ||
| xfs_buf_item.h | ||
| xfs_cksum.h | ||
| xfs_da_btree.c | ||
| xfs_da_btree.h | ||
| xfs_da_format.c | ||
| xfs_da_format.h | ||
| xfs_dinode.h | ||
| xfs_dir2.c | ||
| xfs_dir2.h | ||
| xfs_dir2_block.c | ||
| xfs_dir2_data.c | ||
| xfs_dir2_leaf.c | ||
| xfs_dir2_node.c | ||
| xfs_dir2_priv.h | ||
| xfs_dir2_readdir.c | ||
| xfs_dir2_sf.c | ||
| xfs_discard.c | ||
| xfs_discard.h | ||
| xfs_dquot.c | ||
| xfs_dquot.h | ||
| xfs_dquot_buf.c | ||
| xfs_dquot_item.c | ||
| xfs_dquot_item.h | ||
| xfs_error.c | ||
| xfs_error.h | ||
| xfs_export.c | ||
| xfs_export.h | ||
| xfs_extent_busy.c | ||
| xfs_extent_busy.h | ||
| xfs_extfree_item.c | ||
| xfs_extfree_item.h | ||
| xfs_file.c | ||
| xfs_filestream.c | ||
| xfs_filestream.h | ||
| xfs_format.h | ||
| xfs_fs.h | ||
| xfs_fsops.c | ||
| xfs_fsops.h | ||
| xfs_globals.c | ||
| xfs_ialloc.c | ||
| xfs_ialloc.h | ||
| xfs_ialloc_btree.c | ||
| xfs_ialloc_btree.h | ||
| xfs_icache.c | ||
| xfs_icache.h | ||
| xfs_icreate_item.c | ||
| xfs_icreate_item.h | ||
| xfs_inode.c | ||
| xfs_inode.h | ||
| xfs_inode_buf.c | ||
| xfs_inode_buf.h | ||
| xfs_inode_fork.c | ||
| xfs_inode_fork.h | ||
| xfs_inode_item.c | ||
| xfs_inode_item.h | ||
| xfs_inum.h | ||
| xfs_ioctl.c | ||
| xfs_ioctl.h | ||
| xfs_ioctl32.c | ||
| xfs_ioctl32.h | ||
| xfs_iomap.c | ||
| xfs_iomap.h | ||
| xfs_iops.c | ||
| xfs_iops.h | ||
| xfs_itable.c | ||
| xfs_itable.h | ||
| xfs_linux.h | ||
| xfs_log.c | ||
| xfs_log.h | ||
| xfs_log_cil.c | ||
| xfs_log_format.h | ||
| xfs_log_priv.h | ||
| xfs_log_recover.c | ||
| xfs_log_recover.h | ||
| xfs_log_rlimit.c | ||
| xfs_message.c | ||
| xfs_message.h | ||
| xfs_mount.c | ||
| xfs_mount.h | ||
| xfs_mru_cache.c | ||
| xfs_mru_cache.h | ||
| xfs_qm.c | ||
| xfs_qm.h | ||
| xfs_qm_bhv.c | ||
| xfs_qm_syscalls.c | ||
| xfs_quota.h | ||
| xfs_quota_defs.h | ||
| xfs_quotaops.c | ||
| xfs_rtalloc.c | ||
| xfs_rtalloc.h | ||
| xfs_rtbitmap.c | ||
| xfs_sb.c | ||
| xfs_sb.h | ||
| xfs_shared.h | ||
| xfs_stats.c | ||
| xfs_stats.h | ||
| xfs_super.c | ||
| xfs_super.h | ||
| xfs_symlink.c | ||
| xfs_symlink.h | ||
| xfs_symlink_remote.c | ||
| xfs_sysctl.c | ||
| xfs_sysctl.h | ||
| xfs_trace.c | ||
| xfs_trace.h | ||
| xfs_trans.c | ||
| xfs_trans.h | ||
| xfs_trans_ail.c | ||
| xfs_trans_buf.c | ||
| xfs_trans_dquot.c | ||
| xfs_trans_extfree.c | ||
| xfs_trans_inode.c | ||
| xfs_trans_priv.h | ||
| xfs_trans_resv.c | ||
| xfs_trans_resv.h | ||
| xfs_trans_space.h | ||
| xfs_types.h | ||
| xfs_vnode.h | ||
| xfs_xattr.c | ||