Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 50d77739 authored by NeilBrown's avatar NeilBrown Committed by Trond Myklebust
Browse files

NFS: fix two problems in lookup_revalidate in RCU-walk 



1/ rcu_dereference isn't correct: that field isn't
   RCU protected.   It could potentially change at any time
   so ACCESS_ONCE might be justified.

   changes to ->d_parent are protected by ->d_seq.  However
   that isn't always checked after ->d_revalidate is called,
   so it is safest to keep the double-check that ->d_parent
   hasn't changed at the end of these functions.

2/ in nfs4_lookup_revalidate, "->d_parent" was forgotten.
   So 'parent' was not the parent of 'dentry'.
   This fails safe is the context is that dentry->d_inode is
   NULL, and the result of parent->d_inode being NULL is
   that ECHILD is returned, which is always safe.

Reported-by: default avatarkbuild test robot <fengguang.wu@intel.com>
Signed-off-by: default avatarNeilBrown <neilb@suse.de>
Signed-off-by: default avatarTrond Myklebust <trond.myklebust@primarydata.com>
parent f682a398

fs/nfs/dir.c

+4 −4
Original line number Original line Diff line number Diff line
@@ -1102,7 +1102,7 @@ static int nfs_lookup_revalidate(struct dentry *dentry, unsigned int flags) 
	int error;

	int error;





	if (flags & LOOKUP_RCU) {

	if (flags & LOOKUP_RCU) {

		parent = rcu_dereference(dentry->d_parent);

		parent = ACCESS_ONCE(dentry->d_parent);

		dir = ACCESS_ONCE(parent->d_inode);

		dir = ACCESS_ONCE(parent->d_inode);

		if (!dir)

		if (!dir)

			return -ECHILD;

			return -ECHILD;
@@ -1184,7 +1184,7 @@ static int nfs_lookup_revalidate(struct dentry *dentry, unsigned int flags) 
	nfs_advise_use_readdirplus(dir);

	nfs_advise_use_readdirplus(dir);

 out_valid_noent:

 out_valid_noent:

	if (flags & LOOKUP_RCU) {

	if (flags & LOOKUP_RCU) {

		if (parent != rcu_dereference(dentry->d_parent))

		if (parent != ACCESS_ONCE(dentry->d_parent))

			return -ECHILD;

			return -ECHILD;

	} else

	} else

		dput(parent);

		dput(parent);
@@ -1585,7 +1585,7 @@ static int nfs4_lookup_revalidate(struct dentry *dentry, unsigned int flags) 
		struct inode *dir;

		struct inode *dir;





		if (flags & LOOKUP_RCU) {

		if (flags & LOOKUP_RCU) {

			parent = rcu_dereference(dentry);

			parent = ACCESS_ONCE(dentry->d_parent);

			dir = ACCESS_ONCE(parent->d_inode);

			dir = ACCESS_ONCE(parent->d_inode);

			if (!dir)

			if (!dir)

				return -ECHILD;

				return -ECHILD;
@@ -1599,7 +1599,7 @@ static int nfs4_lookup_revalidate(struct dentry *dentry, unsigned int flags) 
			ret = -ECHILD;

			ret = -ECHILD;

		if (!(flags & LOOKUP_RCU))

		if (!(flags & LOOKUP_RCU))

			dput(parent);

			dput(parent);

		else if (parent != rcu_dereference(dentry))

		else if (parent != ACCESS_ONCE(dentry->d_parent))

			return -ECHILD;

			return -ECHILD;

		goto out;

		goto out;

	}

	}