• David Woodhouse's avatar
    Fix i_mutex vs. readdir handling in nfsd · 2f9092e1
    David Woodhouse authored
    Commit 14f7dd63 ("Copy XFS readdir hack into nfsd code") introduced a
    bug to generic code which had been extant for a long time in the XFS
    version -- it started to call through into lookup_one_len() and hence
    into the file systems' ->lookup() methods without i_mutex held on the
    directory.
    
    This patch fixes it by locking the directory's i_mutex again before
    calling the filldir functions. The original deadlocks which commit
    14f7dd63 was designed to avoid are still avoided, because they were due
    to fs-internal locking, not i_mutex.
    
    While we're at it, fix the return type of nfsd_buffered_readdir() which
    should be a __be32 not an int -- it's an NFS errno, not a Linux errno.
    And return nfserrno(-ENOMEM) when allocation fails, not just -ENOMEM.
    Sparse would have caught that, if it wasn't so busy bitching about
    __cold__.
    
    Commit 05f4f678 ("nfsd4: don't do lookup within readdir in recovery
    code") introduced a similar problem with calling lookup_one_len()
    without i_mutex, which this patch also addresses. To fix that, it was
    necessary to fix the called functions so that they expect i_mutex to be
    held; that part was done by J. Bruce Fields.
    Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
    Umm-I-can-live-with-that-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    Reported-by: default avatarJ. R. Okajima <hooanon05@yahoo.co.jp>
    Tested-by: default avatarJ. Bruce Fields <bfields@citi.umich.edu>
    LKML-Reference: <8036.1237474444@jrobl>
    Cc: stable@kernel.org
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    2f9092e1
namei.c 69.9 KB