Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/fs
History
Al Viro 257e1c5c81 livelock avoidance in sget() 
commit acfec9a5a8 upstream.

Eric Sandeen has found a nasty livelock in sget() - take a mount(2) about
to fail.  The superblock is on ->fs_supers, ->s_umount is held exclusive,
->s_active is 1.  Along comes two more processes, trying to mount the same
thing; sget() in each is picking that superblock, bumping ->s_count and
trying to grab ->s_umount.  ->s_active is 3 now.  Original mount(2)
finally gets to deactivate_locked_super() on failure; ->s_active is 2,
superblock is still ->fs_supers because shutdown will *not* happen until
->s_active hits 0.  ->s_umount is dropped and now we have two processes
chasing each other:
s_active = 2, A acquired ->s_umount, B blocked
A sees that the damn thing is stillborn, does deactivate_locked_super()
s_active = 1, A drops ->s_umount, B gets it
A restarts the search and finds the same superblock.  And bumps it ->s_active.
s_active = 2, B holds ->s_umount, A blocked on trying to get it
... and we are in the earlier situation with A and B switched places.

The root cause, of course, is that ->s_active should not grow until we'd
got MS_BORN.  Then failing ->mount() will have deactivate_locked_super()
shut the damn thing down.  Fortunately, it's easy to do - the key point
is that grab_super() is called only for superblocks currently on ->fs_supers,
so it can bump ->s_count and grab ->s_umount first, then check MS_BORN and
bump ->s_active; we must never increment ->s_count for superblocks past
->kill_sb(), but grab_super() is never called for those.

The bug is pretty old; we would've caught it by now, if not for accidental
exclusion between sget() for block filesystems; the things like cgroup or
e.g. mtd-based filesystems don't have anything of that sort, so they get
bitten.  The right way to deal with that is obviously to fix sget()...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-08-04 16:25:59 +08:00
..
9p 9p changes for the 3.4 merge window 2012-03-28 09:58:38 -07:00
adfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
affs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
afs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
autofs4 autofs - remove autofs dentry mount check 2013-05-11 13:48:06 -07:00
befs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
bfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
btrfs Btrfs: re-add root to dead root list if we stop dropping it 2013-08-04 16:25:54 +08:00
cachefiles switch touch_atime to struct path 2012-03-20 21:29:41 -04:00
ceph ceph: fix statvfs fr_size 2013-06-20 11:58:47 -07:00
cifs Handle big endianness in NTLM (ntlmv2) authentication 2013-07-21 18:19:02 -07:00
coda Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
configfs make configfs_pin_fs() return root dentry on success 2012-03-20 21:29:48 -04:00
cramfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
debugfs simple_open: automatically convert to simple_open() 2012-04-05 15:25:50 -07:00
devpts Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
dlm dlm fixes for 3.4 2012-04-23 18:22:42 -07:00
ecryptfs eCryptfs: check for eCryptfs cipher support at mount 2012-11-26 11:37:49 -08:00
efs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
exofs ore: Fix out-of-bounds access in _ios_obj() 2012-08-15 08:10:09 -07:00
exportfs
ext2 migrate ext2_fs.h guts to fs/ext2/ext2.h 2012-03-31 16:03:16 -04:00
ext3 ext3: fix data=journal fast mount/umount hang 2013-07-28 16:25:40 -07:00
ext4 ext4: don't allow ext4_free_blocks() to fail due to ENOMEM 2013-07-21 18:19:02 -07:00
fat fat: fix possible overflow for fat_clusters 2013-06-07 12:49:12 -07:00
freevxfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
fscache fs/fscache/stats.c: fix memory leak 2013-05-07 19:51:55 -07:00
fuse fuse: don't WARN when nlink is zero 2013-03-04 06:06:43 +08:00
gfs2 GFS2: Test bufdata with buffer locked and gfs2_log_lock held 2013-01-17 08:51:06 -08:00
hfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
hfsplus hfsplus: fix potential overflow in hfsplus_file_truncate() 2013-04-25 21:19:54 -07:00
hostfs Merge branch 'for-linus-3.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml 2012-03-27 18:29:53 -07:00
hpfs hpfs: better test for errors 2013-07-13 11:03:40 -07:00
hppfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
hugetlbfs hugetlbfs: fix mmap failure in unaligned size request 2013-05-19 10:54:48 -07:00
isofs isofs: avoid info leak on export 2013-03-28 12:12:27 -07:00
jbd jbd: Fix lock ordering bug in journal_unmap_buffer() 2012-12-03 11:47:10 -08:00
jbd2 jbd2: fix theoretical race in jbd2__journal_restart 2013-07-21 18:19:00 -07:00
jffs2 jffs2: hold erase_completion_lock on exit 2013-01-17 08:50:46 -08:00
jfs jfs: fix a couple races 2013-06-07 12:49:34 -07:00
lockd lockd: protect nlm_blocked access in nlmsvc_retry_blocked 2013-07-28 16:26:17 -07:00
logfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
minix Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
ncpfs Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
nfs NFSv4: Fix a thinko in nfs4_try_open_cached 2013-06-07 12:49:30 -07:00
nfs_common
nfsd nfsd4: fix decoding of compounds across page boundaries 2013-07-13 11:03:41 -07:00
nilfs2 nilfs2: fix issue of nilfs_set_page_dirty() for page at EOF boundary 2013-06-07 12:49:21 -07:00
nls
notify inotify: invalid mask should return a error number but not set it 2013-06-27 11:27:34 -07:00
ntfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
ocfs2 ocfs2: xattr: fix inlined xattr reflink 2013-07-21 18:19:01 -07:00
omfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
openpromfs switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
proc nohz: Fix idle ticks in cpu summary line of /proc/stat 2012-10-28 10:14:12 -07:00
pstore pstore: Avoid deadlock in panic and emergency-restart path 2013-03-04 06:06:43 +08:00
qnx4 qnx4: new helper - try_extent() 2012-03-20 21:29:52 -04:00
qnx6 fs: initial qnx6fs addition 2012-03-20 21:29:38 -04:00
quota Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs 2012-03-28 10:00:14 -07:00
ramfs fs: ramfs: file-nommu: add SetPageUptodate() 2012-07-16 09:04:45 -07:00
reiserfs reiserfs: Fix warning and inode leak when deleting inode with xattrs 2013-04-12 09:38:43 -07:00
romfs MTD merge for 3.4 2012-03-30 17:31:56 -07:00
squashfs Add an extra mount time sanity check, plus some code cleanups and bug fixes. 2012-03-28 18:05:54 -07:00
sysfs sysfs: fix use after free in case of concurrent read/write and readdir 2013-05-07 19:51:54 -07:00
sysv switch open-coded instances of d_make_root() to new helper 2012-03-20 21:29:35 -04:00
ubifs UBIFS: fix a horrid bug 2013-07-03 10:59:05 -07:00
udf udf: avoid info leak on export 2013-03-28 12:12:27 -07:00
ufs Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
xfs xfs: kill suid/sgid through the truncate path. 2013-06-07 12:49:30 -07:00
aio.c aio: fix possible invalid memory access when DEBUG is enabled 2013-05-01 09:41:03 -07:00
anon_inodes.c anon_inodes: move allocation of anon_inode into ->mount() 2012-03-20 21:29:45 -04:00
attr.c vfs: increment iversion when a file is truncated 2012-06-10 00:36:12 +09:00
bad_inode.c
binfmt_aout.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
binfmt_elf.c coredump: prevent double-free on an error path in core dumper 2012-10-07 08:32:27 -07:00
binfmt_elf_fdpic.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
binfmt_em86.c exec: use -ELOOP for max recursion depth 2013-03-28 12:12:28 -07:00
binfmt_flat.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
binfmt_misc.c exec: use -ELOOP for max recursion depth 2013-03-28 12:12:28 -07:00
binfmt_script.c exec: use -ELOOP for max recursion depth 2013-03-28 12:12:28 -07:00
binfmt_som.c VM: add "vm_mmap()" helper function 2012-04-20 17:29:13 -07:00
bio-integrity.c fs: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:21 +08:00
bio.c bio allocation failure due to bio_get_nr_vecs() 2012-05-11 16:45:12 +02:00
block_dev.c writeback: Fix periodic writeback after fs mount 2013-07-28 16:26:08 -07:00
buffer.c block: replace __getblk_slow misfix by grow_dev_page fix 2012-09-14 10:00:20 -07:00
char_dev.c
compat.c Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys 2013-03-14 11:29:51 -07:00
compat_binfmt_elf.c
compat_ioctl.c fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check 2012-10-31 10:02:55 -07:00
dcache.c fs/dcache.c: add cond_resched() to shrink_dcache_parent() 2013-05-07 19:51:56 -07:00
dcookies.c
direct-io.c fs: Fix possible use-after-free with AIO 2013-03-04 06:06:41 +08:00
drop_caches.c
eventfd.c
eventpoll.c epoll: prevent missed events on EPOLL_CTL_MOD 2013-01-17 08:50:54 -08:00
exec.c perf: Disable monitoring on setuid processes for regular users 2013-07-03 10:59:04 -07:00
fcntl.c
fhandle.c
fifo.c fifo: Do not restart open() if it already found a partner 2012-07-19 08:58:56 -07:00
file.c Merge branch 'x86-x32-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2012-03-29 18:12:23 -07:00
file_table.c vfs: drop_file_write_access() made static 2012-03-20 21:29:32 -04:00
filesystems.c
fs-writeback.c ext4: fix potential deadlock in ext4_nonda_switch() 2012-10-13 05:38:49 +09:00
fs_struct.c The following text was taken from the original review request: 2012-03-24 10:24:31 -07:00
generic_acl.c
inode.c vfs: Revert spurious fix to spinning prevention in prune_icache_sb 2013-04-16 21:27:26 -07:00
internal.h
ioctl.c
ioprio.c
Kconfig Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-03-21 13:36:41 -07:00
Kconfig.binfmt
libfs.c dentry leak in simple_fill_super() failure exit 2012-04-09 01:39:22 -04:00
locks.c locks: fix checking of fcntl_setlease argument 2012-08-09 08:31:29 -07:00
Makefile fs: initial qnx6fs addition 2012-03-20 21:29:38 -04:00
mbcache.c
mount.h
mpage.c
namei.c vfs: make word-at-a-time accesses handle a non-existing page 2012-05-03 14:01:40 -07:00
namespace.c vfs: umount_tree() might be called on subtree that had never made it 2012-06-10 00:36:12 +09:00
no-block.c
open.c vfs: canonicalize create mode in build_open_flags() 2012-09-14 10:00:05 -07:00
pipe.c vfs: fix pipe counter breakage 2013-03-14 11:29:51 -07:00
pnode.c
pnode.h
posix_acl.c
proc_namespace.c
read_write.c
read_write.h
readdir.c
select.c posix_types.h: Cleanup stale __NFDBITS and related definitions 2012-08-09 08:31:39 -07:00
seq_file.c The following text was taken from the original review request: 2012-03-24 10:24:31 -07:00
signalfd.c
splice.c tcp: fix MSG_SENDPAGE_NOTLAST logic 2013-01-11 09:07:14 -08:00
stack.c
stat.c vfs: make O_PATH file descriptors usable for 'fstat()' 2012-10-02 10:29:51 -07:00
statfs.c
super.c livelock avoidance in sget() 2013-08-04 16:25:59 +08:00
sync.c fs: reduce the use of module.h wherever possible 2012-02-28 19:31:58 -05:00
timerfd.c
utimes.c
xattr.c fs/xattr.c:setxattr(): improve handling of allocation failures 2012-04-05 15:25:50 -07:00
xattr_acl.c