releases/3.16.60/ufs-fix-possible-deadlock-when-looking-up-directories.patch - pub/scm/linux/kernel/git/bwh/linux-stable-queue - Git at Google

 From: Jan Kara <jack@suse.cz>
 Date: Tue, 2 Jun 2015 11:26:34 +0200
 Subject: ufs: Fix possible deadlock when looking up directories

 commit 514d748f69c97a51a2645eb198ac5c6218f22ff9 upstream.

 Commit e4502c63f56aeca88 (ufs: deal with nfsd/iget races) made ufs
 create inodes with I_NEW flag set. However ufs_mkdir() never cleared
 this flag. Thus if someone ever tried to lookup the directory by inode
 number, he would deadlock waiting for I_NEW to be cleared. Luckily this
 mostly happens only if the filesystem is exported over NFS since
 otherwise we have the inode attached to dentry and don't look it up by
 inode number. In rare cases dentry can get freed without inode being
 freed and then we'd hit the deadlock even without NFS export.

 Fix the problem by clearing I_NEW before instantiating new directory
 inode.

 Fixes: e4502c63f56aeca887ced37f24e0def1ef11cec8
 Reported-by: Fabian Frederick <fabf@skynet.be>
 Signed-off-by: Jan Kara <jack@suse.cz>
 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
 Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 ---
  fs/ufs/namei.c | 1 +
  1 file changed, 1 insertion(+)

 --- a/fs/ufs/namei.c
 +++ b/fs/ufs/namei.c
 @@ -212,6 +212,7 @@ static int ufs_mkdir(struct inode * dir,
  		goto out_fail;
  	unlock_ufs(dir->i_sb);

 +	unlock_new_inode(inode);
  	d_instantiate(dentry, inode);
  out:
  	return err;
	From: Jan Kara <jack@suse.cz>
	Date: Tue, 2 Jun 2015 11:26:34 +0200
	Subject: ufs: Fix possible deadlock when looking up directories

	commit 514d748f69c97a51a2645eb198ac5c6218f22ff9 upstream.

	Commit e4502c63f56aeca88 (ufs: deal with nfsd/iget races) made ufs
	create inodes with I_NEW flag set. However ufs_mkdir() never cleared
	this flag. Thus if someone ever tried to lookup the directory by inode
	number, he would deadlock waiting for I_NEW to be cleared. Luckily this
	mostly happens only if the filesystem is exported over NFS since
	otherwise we have the inode attached to dentry and don't look it up by
	inode number. In rare cases dentry can get freed without inode being
	freed and then we'd hit the deadlock even without NFS export.

	Fix the problem by clearing I_NEW before instantiating new directory
	inode.

	Fixes: e4502c63f56aeca887ced37f24e0def1ef11cec8
	Reported-by: Fabian Frederick <fabf@skynet.be>
	Signed-off-by: Jan Kara <jack@suse.cz>
	Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
	Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
	---
	fs/ufs/namei.c \| 1 +
	1 file changed, 1 insertion(+)

	--- a/fs/ufs/namei.c
	+++ b/fs/ufs/namei.c
	@@ -212,6 +212,7 @@ static int ufs_mkdir(struct inode * dir,
	goto out_fail;
	unlock_ufs(dir->i_sb);

	+ unlock_new_inode(inode);
	d_instantiate(dentry, inode);
	out:
	return err;