mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-12 08:09:56 +00:00
cc53ce53c8
Add a dentry op (d_manage) to permit a filesystem to hold a process and make it sleep when it tries to transit away from one of that filesystem's directories during a pathwalk. The operation is keyed off a new dentry flag (DCACHE_MANAGE_TRANSIT). The filesystem is allowed to be selective about which processes it holds and which it permits to continue on or prohibits from transiting from each flagged directory. This will allow autofs to hold up client processes whilst letting its userspace daemon through to maintain the directory or the stuff behind it or mounted upon it. The ->d_manage() dentry operation: int (*d_manage)(struct path *path, bool mounting_here); takes a pointer to the directory about to be transited away from and a flag indicating whether the transit is undertaken by do_add_mount() or do_move_mount() skipping through a pile of filesystems mounted on a mountpoint. It should return 0 if successful and to let the process continue on its way; -EISDIR to prohibit the caller from skipping to overmounted filesystems or automounting, and to use this directory; or some other error code to return to the user. ->d_manage() is called with namespace_sem writelocked if mounting_here is true and no other locks held, so it may sleep. However, if mounting_here is true, it may not initiate or wait for a mount or unmount upon the parameter directory, even if the act is actually performed by userspace. Within fs/namei.c, follow_managed() is extended to check with d_manage() first on each managed directory, before transiting away from it or attempting to automount upon it. follow_down() is renamed follow_down_one() and should only be used where the filesystem deliberately intends to avoid management steps (e.g. autofs). A new follow_down() is added that incorporates the loop done by all other callers of follow_down() (do_add/move_mount(), autofs and NFSD; whilst AFS, NFS and CIFS do use it, their use is removed by converting them to use d_automount()). The new follow_down() calls d_manage() as appropriate. It also takes an extra parameter to indicate if it is being called from mount code (with namespace_sem writelocked) which it passes to d_manage(). follow_down() ignores automount points so that it can be used to mount on them. __follow_mount_rcu() is made to abort rcu-walk mode if it hits a directory with DCACHE_MANAGE_TRANSIT set on the basis that we're probably going to have to sleep. It would be possible to enter d_manage() in rcu-walk mode too, and have that determine whether to abort or not itself. That would allow the autofs daemon to continue on in rcu-walk mode. Note that DCACHE_MANAGE_TRANSIT on a directory should be cleared when it isn't required as every tranist from that directory will cause d_manage() to be invoked. It can always be set again when necessary. ========================== WHAT THIS MEANS FOR AUTOFS ========================== Autofs currently uses the lookup() inode op and the d_revalidate() dentry op to trigger the automounting of indirect mounts, and both of these can be called with i_mutex held. autofs knows that the i_mutex will be held by the caller in lookup(), and so can drop it before invoking the daemon - but this isn't so for d_revalidate(), since the lock is only held on _some_ of the code paths that call it. This means that autofs can't risk dropping i_mutex from its d_revalidate() function before it calls the daemon. The bug could manifest itself as, for example, a process that's trying to validate an automount dentry that gets made to wait because that dentry is expired and needs cleaning up: mkdir S ffffffff8014e05a 0 32580 24956 Call Trace: [<ffffffff885371fd>] :autofs4:autofs4_wait+0x674/0x897 [<ffffffff80127f7d>] avc_has_perm+0x46/0x58 [<ffffffff8009fdcf>] autoremove_wake_function+0x0/0x2e [<ffffffff88537be6>] :autofs4:autofs4_expire_wait+0x41/0x6b [<ffffffff88535cfc>] :autofs4:autofs4_revalidate+0x91/0x149 [<ffffffff80036d96>] __lookup_hash+0xa0/0x12f [<ffffffff80057a2f>] lookup_create+0x46/0x80 [<ffffffff800e6e31>] sys_mkdirat+0x56/0xe4 versus the automount daemon which wants to remove that dentry, but can't because the normal process is holding the i_mutex lock: automount D ffffffff8014e05a 0 32581 1 32561 Call Trace: [<ffffffff80063c3f>] __mutex_lock_slowpath+0x60/0x9b [<ffffffff8000ccf1>] do_path_lookup+0x2ca/0x2f1 [<ffffffff80063c89>] .text.lock.mutex+0xf/0x14 [<ffffffff800e6d55>] do_rmdir+0x77/0xde [<ffffffff8005d229>] tracesys+0x71/0xe0 [<ffffffff8005d28d>] tracesys+0xd5/0xe0 which means that the system is deadlocked. This patch allows autofs to hold up normal processes whilst the daemon goes ahead and does things to the dentry tree behind the automouter point without risking a deadlock as almost no locks are held in d_manage() and none in d_automount(). Signed-off-by: David Howells <dhowells@redhat.com> Was-Acked-by: Ian Kent <raven@themaw.net> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
312 lines
7.4 KiB
C
312 lines
7.4 KiB
C
/* mountpoint management
|
|
*
|
|
* Copyright (C) 2002 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
|
|
#include <linux/kernel.h>
|
|
#include <linux/module.h>
|
|
#include <linux/init.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/pagemap.h>
|
|
#include <linux/mount.h>
|
|
#include <linux/namei.h>
|
|
#include <linux/gfp.h>
|
|
#include "internal.h"
|
|
|
|
|
|
static struct dentry *afs_mntpt_lookup(struct inode *dir,
|
|
struct dentry *dentry,
|
|
struct nameidata *nd);
|
|
static int afs_mntpt_open(struct inode *inode, struct file *file);
|
|
static void *afs_mntpt_follow_link(struct dentry *dentry, struct nameidata *nd);
|
|
static void afs_mntpt_expiry_timed_out(struct work_struct *work);
|
|
|
|
const struct file_operations afs_mntpt_file_operations = {
|
|
.open = afs_mntpt_open,
|
|
.llseek = noop_llseek,
|
|
};
|
|
|
|
const struct inode_operations afs_mntpt_inode_operations = {
|
|
.lookup = afs_mntpt_lookup,
|
|
.follow_link = afs_mntpt_follow_link,
|
|
.readlink = page_readlink,
|
|
.getattr = afs_getattr,
|
|
};
|
|
|
|
const struct inode_operations afs_autocell_inode_operations = {
|
|
.follow_link = afs_mntpt_follow_link,
|
|
.getattr = afs_getattr,
|
|
};
|
|
|
|
static LIST_HEAD(afs_vfsmounts);
|
|
static DECLARE_DELAYED_WORK(afs_mntpt_expiry_timer, afs_mntpt_expiry_timed_out);
|
|
|
|
static unsigned long afs_mntpt_expiry_timeout = 10 * 60;
|
|
|
|
/*
|
|
* check a symbolic link to see whether it actually encodes a mountpoint
|
|
* - sets the AFS_VNODE_MOUNTPOINT flag on the vnode appropriately
|
|
*/
|
|
int afs_mntpt_check_symlink(struct afs_vnode *vnode, struct key *key)
|
|
{
|
|
struct page *page;
|
|
size_t size;
|
|
char *buf;
|
|
int ret;
|
|
|
|
_enter("{%x:%u,%u}",
|
|
vnode->fid.vid, vnode->fid.vnode, vnode->fid.unique);
|
|
|
|
/* read the contents of the symlink into the pagecache */
|
|
page = read_cache_page(AFS_VNODE_TO_I(vnode)->i_mapping, 0,
|
|
afs_page_filler, key);
|
|
if (IS_ERR(page)) {
|
|
ret = PTR_ERR(page);
|
|
goto out;
|
|
}
|
|
|
|
ret = -EIO;
|
|
if (PageError(page))
|
|
goto out_free;
|
|
|
|
buf = kmap(page);
|
|
|
|
/* examine the symlink's contents */
|
|
size = vnode->status.size;
|
|
_debug("symlink to %*.*s", (int) size, (int) size, buf);
|
|
|
|
if (size > 2 &&
|
|
(buf[0] == '%' || buf[0] == '#') &&
|
|
buf[size - 1] == '.'
|
|
) {
|
|
_debug("symlink is a mountpoint");
|
|
spin_lock(&vnode->lock);
|
|
set_bit(AFS_VNODE_MOUNTPOINT, &vnode->flags);
|
|
spin_unlock(&vnode->lock);
|
|
}
|
|
|
|
ret = 0;
|
|
|
|
kunmap(page);
|
|
out_free:
|
|
page_cache_release(page);
|
|
out:
|
|
_leave(" = %d", ret);
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* no valid lookup procedure on this sort of dir
|
|
*/
|
|
static struct dentry *afs_mntpt_lookup(struct inode *dir,
|
|
struct dentry *dentry,
|
|
struct nameidata *nd)
|
|
{
|
|
_enter("%p,%p{%p{%s},%s}",
|
|
dir,
|
|
dentry,
|
|
dentry->d_parent,
|
|
dentry->d_parent ?
|
|
dentry->d_parent->d_name.name : (const unsigned char *) "",
|
|
dentry->d_name.name);
|
|
|
|
return ERR_PTR(-EREMOTE);
|
|
}
|
|
|
|
/*
|
|
* no valid open procedure on this sort of dir
|
|
*/
|
|
static int afs_mntpt_open(struct inode *inode, struct file *file)
|
|
{
|
|
_enter("%p,%p{%p{%s},%s}",
|
|
inode, file,
|
|
file->f_path.dentry->d_parent,
|
|
file->f_path.dentry->d_parent ?
|
|
file->f_path.dentry->d_parent->d_name.name :
|
|
(const unsigned char *) "",
|
|
file->f_path.dentry->d_name.name);
|
|
|
|
return -EREMOTE;
|
|
}
|
|
|
|
/*
|
|
* create a vfsmount to be automounted
|
|
*/
|
|
static struct vfsmount *afs_mntpt_do_automount(struct dentry *mntpt)
|
|
{
|
|
struct afs_super_info *super;
|
|
struct vfsmount *mnt;
|
|
struct afs_vnode *vnode;
|
|
struct page *page;
|
|
char *devname, *options;
|
|
bool rwpath = false;
|
|
int ret;
|
|
|
|
_enter("{%s}", mntpt->d_name.name);
|
|
|
|
BUG_ON(!mntpt->d_inode);
|
|
|
|
ret = -ENOMEM;
|
|
devname = (char *) get_zeroed_page(GFP_KERNEL);
|
|
if (!devname)
|
|
goto error_no_devname;
|
|
|
|
options = (char *) get_zeroed_page(GFP_KERNEL);
|
|
if (!options)
|
|
goto error_no_options;
|
|
|
|
vnode = AFS_FS_I(mntpt->d_inode);
|
|
if (test_bit(AFS_VNODE_PSEUDODIR, &vnode->flags)) {
|
|
/* if the directory is a pseudo directory, use the d_name */
|
|
static const char afs_root_cell[] = ":root.cell.";
|
|
unsigned size = mntpt->d_name.len;
|
|
|
|
ret = -ENOENT;
|
|
if (size < 2 || size > AFS_MAXCELLNAME)
|
|
goto error_no_page;
|
|
|
|
if (mntpt->d_name.name[0] == '.') {
|
|
devname[0] = '#';
|
|
memcpy(devname + 1, mntpt->d_name.name, size - 1);
|
|
memcpy(devname + size, afs_root_cell,
|
|
sizeof(afs_root_cell));
|
|
rwpath = true;
|
|
} else {
|
|
devname[0] = '%';
|
|
memcpy(devname + 1, mntpt->d_name.name, size);
|
|
memcpy(devname + size + 1, afs_root_cell,
|
|
sizeof(afs_root_cell));
|
|
}
|
|
} else {
|
|
/* read the contents of the AFS special symlink */
|
|
loff_t size = i_size_read(mntpt->d_inode);
|
|
char *buf;
|
|
|
|
ret = -EINVAL;
|
|
if (size > PAGE_SIZE - 1)
|
|
goto error_no_page;
|
|
|
|
page = read_mapping_page(mntpt->d_inode->i_mapping, 0, NULL);
|
|
if (IS_ERR(page)) {
|
|
ret = PTR_ERR(page);
|
|
goto error_no_page;
|
|
}
|
|
|
|
ret = -EIO;
|
|
if (PageError(page))
|
|
goto error;
|
|
|
|
buf = kmap_atomic(page, KM_USER0);
|
|
memcpy(devname, buf, size);
|
|
kunmap_atomic(buf, KM_USER0);
|
|
page_cache_release(page);
|
|
page = NULL;
|
|
}
|
|
|
|
/* work out what options we want */
|
|
super = AFS_FS_S(mntpt->d_sb);
|
|
memcpy(options, "cell=", 5);
|
|
strcpy(options + 5, super->volume->cell->name);
|
|
if (super->volume->type == AFSVL_RWVOL || rwpath)
|
|
strcat(options, ",rwpath");
|
|
|
|
/* try and do the mount */
|
|
_debug("--- attempting mount %s -o %s ---", devname, options);
|
|
mnt = vfs_kern_mount(&afs_fs_type, 0, devname, options);
|
|
_debug("--- mount result %p ---", mnt);
|
|
|
|
free_page((unsigned long) devname);
|
|
free_page((unsigned long) options);
|
|
_leave(" = %p", mnt);
|
|
return mnt;
|
|
|
|
error:
|
|
page_cache_release(page);
|
|
error_no_page:
|
|
free_page((unsigned long) options);
|
|
error_no_options:
|
|
free_page((unsigned long) devname);
|
|
error_no_devname:
|
|
_leave(" = %d", ret);
|
|
return ERR_PTR(ret);
|
|
}
|
|
|
|
/*
|
|
* follow a link from a mountpoint directory, thus causing it to be mounted
|
|
*/
|
|
static void *afs_mntpt_follow_link(struct dentry *dentry, struct nameidata *nd)
|
|
{
|
|
struct vfsmount *newmnt;
|
|
int err;
|
|
|
|
_enter("%p{%s},{%s:%p{%s},}",
|
|
dentry,
|
|
dentry->d_name.name,
|
|
nd->path.mnt->mnt_devname,
|
|
dentry,
|
|
nd->path.dentry->d_name.name);
|
|
|
|
dput(nd->path.dentry);
|
|
nd->path.dentry = dget(dentry);
|
|
|
|
newmnt = afs_mntpt_do_automount(nd->path.dentry);
|
|
if (IS_ERR(newmnt)) {
|
|
path_put(&nd->path);
|
|
return (void *)newmnt;
|
|
}
|
|
|
|
mntget(newmnt);
|
|
err = do_add_mount(newmnt, &nd->path, MNT_SHRINKABLE, &afs_vfsmounts);
|
|
switch (err) {
|
|
case 0:
|
|
path_put(&nd->path);
|
|
nd->path.mnt = newmnt;
|
|
nd->path.dentry = dget(newmnt->mnt_root);
|
|
queue_delayed_work(afs_wq, &afs_mntpt_expiry_timer,
|
|
afs_mntpt_expiry_timeout * HZ);
|
|
break;
|
|
case -EBUSY:
|
|
/* someone else made a mount here whilst we were busy */
|
|
err = follow_down(&nd->path, false);
|
|
default:
|
|
mntput(newmnt);
|
|
break;
|
|
}
|
|
|
|
_leave(" = %d", err);
|
|
return ERR_PTR(err);
|
|
}
|
|
|
|
/*
|
|
* handle mountpoint expiry timer going off
|
|
*/
|
|
static void afs_mntpt_expiry_timed_out(struct work_struct *work)
|
|
{
|
|
_enter("");
|
|
|
|
if (!list_empty(&afs_vfsmounts)) {
|
|
mark_mounts_for_expiry(&afs_vfsmounts);
|
|
queue_delayed_work(afs_wq, &afs_mntpt_expiry_timer,
|
|
afs_mntpt_expiry_timeout * HZ);
|
|
}
|
|
|
|
_leave("");
|
|
}
|
|
|
|
/*
|
|
* kill the AFS mountpoint timer if it's still running
|
|
*/
|
|
void afs_mntpt_kill_timer(void)
|
|
{
|
|
_enter("");
|
|
|
|
ASSERT(list_empty(&afs_vfsmounts));
|
|
cancel_delayed_work_sync(&afs_mntpt_expiry_timer);
|
|
}
|