linux-dev/fs/configfs, branch masterLinux kernel development work - see feature brancheshttps://git.zx2c4.com/linux-dev/atom/fs/configfs?h=master2022-02-22T17:30:28Zconfigfs: fix a race in configfs_{,un}register_subsystem()2022-02-22T17:30:28ZChenXiaoSongchenxiaosong2@huawei.com2022-02-15T07:10:30Zurn:sha1:84ec758fb2daa236026506868c8796b0500c047d
When configfs_register_subsystem() or configfs_unregister_subsystem()
is executing link_group() or unlink_group(),
it is possible that two processes add or delete list concurrently.
Some unfortunate interleavings of them can cause kernel panic.
One of cases is:
A --> B --> C --> D
A <-- B <-- C <-- D
delete list_head *B | delete list_head *C
--------------------------------|-----------------------------------
configfs_unregister_subsystem | configfs_unregister_subsystem
unlink_group | unlink_group
unlink_obj | unlink_obj
list_del_init | list_del_init
__list_del_entry | __list_del_entry
__list_del | __list_del
// next == C |
next->prev = prev |
| next->prev = prev
prev->next = next |
| // prev == B
| prev->next = next
Fix this by adding mutex when calling link_group() or unlink_group(),
but parent configfs_subsystem is NULL when config_item is root.
So I create a mutex configfs_subsystem_mutex.
Fixes: 7063fbf22611 ("[PATCH] configfs: User-driven configuration filesystem")
Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com>
Signed-off-by: Laibin Qiu <qiulaibin@huawei.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
fsnotify: fix fsnotify hooks in pseudo filesystems2022-01-24T13:17:02ZAmir Goldsteinamir73il@gmail.com2022-01-20T21:53:05Zurn:sha1:29044dae2e746949ad4b9cbdbfb248994d1dcdb4
Commit 49246466a989 ("fsnotify: move fsnotify_nameremove() hook out of
d_delete()") moved the fsnotify delete hook before d_delete() so fsnotify
will have access to a positive dentry.
This allowed a race where opening the deleted file via cached dentry
is now possible after receiving the IN_DELETE event.
To fix the regression in pseudo filesystems, convert d_delete() calls
to d_drop() (see commit 46c46f8df9aa ("devpts_pty_kill(): don't bother
with d_delete()") and move the fsnotify hook after d_drop().
Add a missing fsnotify_unlink() hook in nfsdfs that was found during
the audit of fsnotify hooks in pseudo filesystems.
Note that the fsnotify hooks in simple_recursive_removal() follow
d_invalidate(), so they require no change.
Link: https://lore.kernel.org/r/20220120215305.282577-2-amir73il@gmail.com
Reported-by: Ivan Delalande <colona@arista.com>
Link: https://lore.kernel.org/linux-fsdevel/YeNyzoDM5hP5LtGW@visor/
Fixes: 49246466a989 ("fsnotify: move fsnotify_nameremove() hook out of d_delete()")
Cc: stable@vger.kernel.org # v5.3+
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
configfs: fix a race in configfs_lookup()2021-08-25T05:58:49ZSishuai Gongsishuai@purdue.edu2021-08-25T05:52:20Zurn:sha1:c42dd069be8dfc9b2239a5c89e73bbd08ab35de0
When configfs_lookup() is executing list_for_each_entry(),
it is possible that configfs_dir_lseek() is calling list_del().
Some unfortunate interleavings of them can cause a kernel NULL
pointer dereference error
Thread 1 Thread 2
//configfs_dir_lseek() //configfs_lookup()
list_del(&cursor->s_sibling);
list_for_each_entry(sd, ...)
Fix this by grabbing configfs_dirent_lock in configfs_lookup()
while iterating ->s_children.
Signed-off-by: Sishuai Gong <sishuai@purdue.edu>
Signed-off-by: Christoph Hellwig <hch@lst.de>
configfs: fold configfs_attach_attr into configfs_lookup2021-08-25T05:58:46ZChristoph Hellwighch@lst.de2021-08-25T05:50:32Zurn:sha1:d07f132a225c013e59aa77f514ad9211ecab82ee
This makes it more clear what gets added to the dcache and prepares
for an additional locking fix.
Signed-off-by: Christoph Hellwig <hch@lst.de>
configfs: simplify the configfs_dirent_is_ready2021-08-25T05:43:55ZChristoph Hellwighch@lst.de2021-08-25T05:43:55Zurn:sha1:899587c8d0908e5124fd074d52bf05b4b0633a79
Return the error directly instead of using a goto.
Signed-off-by: Christoph Hellwig <hch@lst.de>
configfs: return -ENAMETOOLONG earlier in configfs_lookup2021-08-25T05:42:44ZChristoph Hellwighch@lst.de2021-08-25T05:42:44Zurn:sha1:417b962ddeca2b70eb72d28c87541bdad4e234f8
Just like most other file systems: get the simple checks out of the
way first.
Signed-off-by: Christoph Hellwig <hch@lst.de>
configfs: restore the kernel v5.13 text attribute write behavior2021-08-09T14:56:00ZBart Van Asschebvanassche@acm.org2021-08-05T04:35:01Zurn:sha1:769f52676756b8c5feb302d2d95af59577fc69ec
Instead of appending new text attribute data at the offset specified by the
write() system call, only pass the newly written data to the .store()
callback.
Reported-by: Bodo Stroesser <bostroesser@gmail.com>
Tested-by: Bodo Stroesser <bostroesser@gmail.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
configfs: fix the read and write iterators2021-07-13T18:56:24ZBart Van Asschebvanassche@acm.org2021-07-13T17:49:26Zurn:sha1:420405ecde061fde76d67bd3a67577a563ea758e
Commit 7fe1e79b59ba ("configfs: implement the .read_iter and .write_iter
methods") changed the simple_read_from_buffer() calls into copy_to_iter()
calls and the simple_write_to_buffer() calls into copy_from_iter() calls.
The simple*buffer() methods update the file offset (*ppos) but the read
and write iterators not yet. Make the read and write iterators update the
file offset (iocb->ki_pos).
This patch has been tested as follows:
# modprobe target_core_user
# dd if=/sys/kernel/config/target/dbroot bs=1
/var/target
12+0 records in
12+0 records out
12 bytes copied, 9.5539e-05 s, 126 kB/s
# cd /sys/kernel/config/acpi/table
# mkdir test
# cd test
# dmesg -c >/dev/null; printf 'SSDT\x8\0\0\0abcdefghijklmnopqrstuvwxyz' | dd of=aml bs=1; dmesg -c
34+0 records in
34+0 records out
34 bytes copied, 0.010627 s, 3.2 kB/s
[ 261.056551] ACPI configfs: invalid table length
Reported-by: Yanko Kaneti <yaneti@declera.com>
Cc: Yanko Kaneti <yaneti@declera.com>
Fixes: 7fe1e79b59ba ("configfs: implement the .read_iter and .write_iter methods")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Merge tag 'configfs-5.13' of git://git.infradead.org/users/hch/configfs2021-07-02T21:13:21ZLinus Torvaldstorvalds@linux-foundation.org2021-07-02T21:13:21Zurn:sha1:ced4cca754a6322463720768ce50c45c2865ba5b
Pull configfs updates from Christoph Hellwig:
- fix a memleak in configfs_release_bin_file (Chung-Chiang Cheng)
- implement the .read_iter and .write_iter (Bart Van Assche)
- minor cleanups (Bart Van Assche, me)
* tag 'configfs-5.13' of git://git.infradead.org/users/hch/configfs:
configfs: simplify configfs_release_bin_file
configfs: fix memleak in configfs_release_bin_file
configfs: implement the .read_iter and .write_iter methods
configfs: drop pointless kerneldoc comments
configfs: fix the kerneldoc comment for configfs_create_bin_file
fs: move ramfs_aops to libfs2021-06-29T17:53:48ZChristoph Hellwighch@lst.de2021-06-29T02:36:09Zurn:sha1:c1e3dbe9818e3caa4e467255a348df56912ca549
Move the ramfs aops to libfs and reuse them for kernfs and configfs.
Thosw two did not wire up ->set_page_dirty before and now get
__set_page_dirty_no_writeback, which is the right one for no-writeback
address_space usage.
Drop the now unused exports of the libfs helpers only used for ramfs-style
pagecache usage.
Link: https://lkml.kernel.org/r/20210614061512.3966143-3-hch@lst.de
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>