mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-02-09 08:33:15 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
b6fac63cc1f52ec27f29fe6c6c8494a2ffac33fd
linux/fs
History
Wu Fengguang b6fac63cc1 vfs: skip I_CLEAR state inodes 
clear_inode() will switch inode state from I_FREEING to I_CLEAR, and do so
_outside_ of inode_lock.  So any I_FREEING testing is incomplete without a
coupled testing of I_CLEAR.

So add I_CLEAR tests to drop_pagecache_sb(), generic_sync_sb_inodes() and
add_dquot_ref().

Masayoshi MIZUMA discovered the bug in drop_pagecache_sb() and Jan Kara
reminds fixing the other two cases.

Masayoshi MIZUMA has a nice panic flow:

=====================================================================
            [process A]               |        [process B]
 |                                    |
 |    prune_icache()                  | drop_pagecache()
 |      spin_lock(&inode_lock)        |   drop_pagecache_sb()
 |      inode->i_state |= I_FREEING;  |       |
 |      spin_unlock(&inode_lock)      |       V
 |          |                         |     spin_lock(&inode_lock)
 |          V                         |         |
 |      dispose_list()                |         |
 |        list_del()                  |         |
 |        clear_inode()               |         |
 |          inode->i_state = I_CLEAR  |         |
 |            |                       |         V
 |            |                       |      if (inode->i_state & (I_FREEING|I_WILL_FREE))
 |            |                       |              continue;           <==== NOT MATCH
 |            |                       |
 |            |                       | (DANGER from here on! Accessing disposing inode!)
 |            |                       |
 |            |                       |      __iget()
 |            |                       |        list_move() <===== PANIC on poisoned list !!
 V            V                       |
(time)
=====================================================================

Reported-by: Masayoshi MIZUMA <m.mizuma@jp.fujitsu.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Wu Fengguang <fengguang.wu@intel.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-04-02 19:04:48 -07:00
..
9p
vfs: simple_set_mnt() should return void
2009-03-27 14:44:03 -04:00
adfs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
affs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
afs
proc 2/2: remove struct proc_dir_entry::owner
2009-03-31 01:14:44 +04:00
autofs
constify dentry_operations: autofs, autofs4
2009-03-27 14:44:00 -04:00
autofs4
autofs4: fix lookup deadlock
2009-04-01 08:59:23 -07:00
befs
fs/Kconfig: move befs out
2009-01-22 13:15:57 +03:00
bfs
fs/Kconfig: move bfs out
2009-01-22 13:15:57 +03:00
btrfs
Merge git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable
2009-04-01 10:20:44 -07:00
cifs
proc 2/2: remove struct proc_dir_entry::owner
2009-03-31 01:14:44 +04:00
coda
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
configfs
constify dentry_operations: configfs
2009-03-27 14:44:03 -04:00
cramfs
fs/Kconfig: move cramfs out
2009-01-22 13:15:58 +03:00
debugfs
debugfs: add helpers for exporting a size_t simple value
2009-01-07 10:00:16 -08:00
devpts
Merge code for single and multiple-instance mounts
2009-03-27 14:44:04 -04:00
dlm
dlm: fix length calculation in compat code
2009-03-11 12:23:59 -05:00
ecryptfs
ecryptfs: use kzfree()
2009-04-01 08:59:23 -07:00
efs
fs/Kconfig: move efs out
2009-01-22 13:15:57 +03:00
exportfs
Merge branch 'next' into for-linus
2008-12-25 11:40:09 +11:00
ext2
ext2: Zero our b_size in ext2_quota_read()
2009-03-26 02:18:38 +01:00
ext3
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-quota-2.6
2009-03-27 14:48:34 -07:00
ext4
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
2009-04-01 10:57:49 -07:00
fat
constify dentry_operations: FAT
2009-03-27 14:44:01 -04:00
freevxfs
fs/Kconfig: move vxfs out
2009-01-22 13:15:58 +03:00
fuse
mm: page_mkwrite change prototype to match fault
2009-04-01 08:59:14 -07:00
gfs2
mm: page_mkwrite change prototype to match fault
2009-04-01 08:59:14 -07:00
hfs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
hfsplus
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
hostfs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
hpfs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
hppfs
CRED: Use creds in file structs
2008-11-14 10:39:25 +11:00
hugetlbfs
mm: reintroduce and deprecate rlimit based access for SHM_HUGETLB
2009-04-01 08:59:12 -07:00
isofs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
jbd
jbd: fix return value of journal_start_commit()
2009-02-11 14:25:35 -08:00
jbd2
jbd2: Update locking coments
2009-03-27 17:20:40 -04:00
jffs2
[JFFS2] fix mount crash caused by removed nodes
2009-02-21 11:09:29 +01:00
jfs
proc 2/2: remove struct proc_dir_entry::owner
2009-03-31 01:14:44 +04:00
lockd
NSM: Fix unaligned accesses in nsm_init_private()
2009-04-01 13:24:14 -04:00
minix
Update my email address
2009-03-22 11:28:37 -07:00
ncpfs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
nfs
Merge branch 'devel' into for-linus
2009-04-01 13:28:15 -04:00
nfs_common
SUNRPC: nfsacl_encode/nfsacl_decode should be exported as GPL-only
2008-12-23 15:21:32 -05:00
nfsd
Merge branch 'devel' into for-linus
2009-04-01 13:28:15 -04:00
nls
remove CONFIG_KMOD from fs
2008-10-17 02:38:36 +11:00
notify
fs: avoid I_NEW inodes
2009-03-27 14:44:05 -04:00
ntfs
ntfs: remove private wrapper of endian helpers
2009-04-01 08:59:18 -07:00
ocfs2
mm: page_mkwrite change prototype to match fault
2009-04-01 08:59:14 -07:00
omfs
fs/Kconfig: move omfs out
2009-01-22 13:15:58 +03:00
openpromfs
zero i_uid/i_gid on inode allocation
2009-01-05 11:54:28 -05:00
partitions
Merge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6
2009-03-26 16:04:22 -07:00
proc
nommu: fix a number of issues with the per-MM VMA patch
2009-04-02 19:04:48 -07:00
qnx4
fs/Kconfig: move qnx4 out
2009-01-22 13:15:59 +03:00
quota
vfs: skip I_CLEAR state inodes
2009-04-02 19:04:48 -07:00
ramfs
ramfs: add support for "mode=" mount option
2009-04-01 08:59:22 -07:00
reiserfs
Merge branch 'proc-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/adobriyan/proc
2009-03-30 16:06:04 -07:00
romfs
fs/Kconfig: move romfs out
2009-01-22 13:15:59 +03:00
smbfs
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
squashfs
Squashfs: Valid filesystems are flagged as bad by the corrupted fs patch
2009-03-12 03:23:48 +00:00
sysfs
mm: page_mkwrite change prototype to match fault: fix sysfs
2009-04-01 08:59:14 -07:00
sysv
constify dentry_operations: misc filesystems
2009-03-27 14:44:00 -04:00
ubifs
mm: page_mkwrite change prototype to match fault
2009-04-01 08:59:14 -07:00
udf
udf: Use lowercase names of quota functions
2009-03-26 02:18:36 +01:00
ufs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
xfs
mm: page_mkwrite change prototype to match fault
2009-04-01 08:59:14 -07:00
aio.c
aio: lookup_ioctx can return the wrong value when looking up a bogus context
2009-03-19 15:57:18 -07:00
anon_inodes.c
constify dentry_operations: rest
2009-03-27 14:44:03 -04:00
attr.c
vfs: Use lowercase names of quota functions
2009-03-26 02:18:35 +01:00
bad_inode.c
kill ->dir_notify()
2008-12-31 18:07:43 -05:00
binfmt_aout.c
sanitize ifdefs in binfmt_aout
2009-01-03 11:45:54 -08:00
binfmt_elf_fdpic.c
FDPIC: Don't attempt to expand the userspace stack to fill the space allocated
2009-01-08 12:04:47 +00:00
binfmt_elf.c
elf core dump: fix get_user use
2009-02-06 17:34:07 -08:00
binfmt_em86.c
Allow recursion in binfmt_script and binfmt_misc
2008-10-16 11:21:38 -07:00
binfmt_flat.c
FLAT: Don't attempt to expand the userspace stack to fill the space allocated
2009-01-08 12:04:47 +00:00
binfmt_misc.c
fs/binfmt_misc.c: add terminating newline to /proc/sys/fs/binfmt_misc/status
2009-01-06 15:59:19 -08:00
binfmt_script.c
Allow recursion in binfmt_script and binfmt_misc
2008-10-16 11:21:38 -07:00
binfmt_som.c
CRED: Make execve() take advantage of copy-on-write credentials
2008-11-14 10:39:24 +11:00
bio-integrity.c
block: add private bio_set for bio integrity allocations
2009-03-24 12:35:17 +01:00
bio.c
block: add private bio_set for bio integrity allocations
2009-03-24 12:35:17 +01:00
block_dev.c
fs: move bdev code out of buffer.c
2009-03-27 14:44:03 -04:00
buffer.c
filesystem freeze: allow SysRq emergency thaw to thaw frozen filesystems
2009-04-01 08:59:17 -07:00
char_dev.c
fs: fix name overwrite in __register_chrdev_region()
2009-01-06 15:59:13 -08:00
compat_binfmt_elf.c
compat_ioctl.c
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2009-03-01 21:35:16 -08:00
compat.c
fix setuid sometimes doesn't
2009-03-28 17:30:00 -07:00
dcache.c
cleanup d_add_ci
2009-03-27 14:43:57 -04:00
dcookies.c
[CVE-2009-0029] System call wrapper special cases
2009-01-14 14:15:18 +01:00
direct-io.c
fs: truncate blocks outside i_size after O_DIRECT write error
2009-01-06 15:59:06 -08:00
drop_caches.c
vfs: skip I_CLEAR state inodes
2009-04-02 19:04:48 -07:00
eventfd.c
epoll keyed wakeups: make eventfd use keyed wakeups
2009-04-01 08:59:20 -07:00
eventpoll.c
epoll keyed wakeups: teach epoll about hints coming with the wakeup key
2009-04-01 08:59:20 -07:00
exec.c
fix setuid sometimes doesn't
2009-03-28 17:30:00 -07:00
fcntl.c
Fix a lockdep warning in fasync_helper()
2009-03-30 08:00:24 -06:00
fifo.c
[PATCH] introduce fmode_t, do annotations
2008-10-21 07:47:06 -04:00
file_table.c
Merge branch 'bkl-removal' of git://git.lwn.net/linux-2.6
2009-03-26 16:14:02 -07:00
file.c
[PATCH] merge locate_fd() and get_unused_fd()
2008-08-01 11:25:23 -04:00
filesystems.c
[CVE-2009-0029] System call wrappers part 27
2009-01-14 14:15:29 +01:00
fs-writeback.c
vfs: skip I_CLEAR state inodes
2009-04-02 19:04:48 -07:00
generic_acl.c
inode.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
internal.h
fix setuid sometimes doesn't
2009-03-28 17:30:00 -07:00
ioctl.c
Rationalize fasync return values
2009-03-16 08:34:35 -06:00
ioprio.c
[CVE-2009-0029] System call wrappers part 28
2009-01-14 14:15:30 +01:00
Kconfig
quota: Move quota files into separate directory
2009-03-26 02:18:35 +01:00
Kconfig.binfmt
CORE_DUMP_DEFAULT_ELF_HEADERS depends on ELF_CORE
2009-01-09 16:54:41 -08:00
libfs.c
vfs: simple_set_mnt() should return void
2009-03-27 14:44:03 -04:00
locks.c
[CVE-2009-0029] System call wrappers part 16
2009-01-14 14:15:25 +01:00
Makefile
quota: Move quota files into separate directory
2009-03-26 02:18:35 +01:00
mbcache.c
mpage.c
do_mpage_readpage(): remove useless clear_buffer_mapped() call
2009-01-06 15:59:01 -08:00
namei.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
namespace.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
nfsctl.c
[CVE-2009-0029] System call wrappers part 27
2009-01-14 14:15:29 +01:00
no-block.c
open.c
vfs: Use lowercase names of quota functions
2009-03-26 02:18:35 +01:00
pipe.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
pnode.c
pnode.h
posix_acl.c
CRED: Wrap task credential accesses in the filesystem subsystem
2008-11-14 10:39:05 +11:00
read_write.c
[CVE-2009-0029] System call wrappers part 20
2009-01-14 14:15:26 +01:00
read_write.h
readdir.c
[CVE-2009-0029] System call wrappers part 32
2009-01-14 14:15:31 +01:00
select.c
[CVE-2009-0029] System call wrappers part 32
2009-01-14 14:15:31 +01:00
seq_file.c
cpumask: fix seq_bitmap_*() functions.
2009-03-30 22:05:11 +10:30
signalfd.c
[CVE-2009-0029] System call wrappers part 31
2009-01-14 14:15:31 +01:00
splice.c
[CVE-2009-0029] System call wrappers part 31
2009-01-14 14:15:31 +01:00
stack.c
stat.c
[CVE-2009-0029] System call wrappers part 30
2009-01-14 14:15:30 +01:00
super.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-03-27 16:23:12 -07:00
sync.c
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-quota-2.6
2009-03-27 14:48:34 -07:00
timerfd.c
timerfd: add flags check
2009-02-18 15:37:53 -08:00
utimes.c
[CVE-2009-0029] System call wrappers part 30
2009-01-14 14:15:30 +01:00
xattr_acl.c
xattr.c
[CVE-2009-0029] System call wrappers part 13
2009-01-14 14:15:23 +01:00