eCryptfs: Fix new inode race condition
authorTyler Hicks <tyhicks@linux.vnet.ibm.com>
Tue, 24 May 2011 08:49:02 +0000 (03:49 -0500)
committerTyler Hicks <tyhicks@linux.vnet.ibm.com>
Sun, 29 May 2011 19:23:39 +0000 (14:23 -0500)
Only unlock and d_add() new inodes after the plaintext inode size has
been read from the lower filesystem. This fixes a race condition that
was sometimes seen during a multi-job kernel build in an eCryptfs mount.

https://bugzilla.kernel.org/show_bug.cgi?id=36002

Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Reported-by: David <david@unsolicited.net>
Tested-by: David <david@unsolicited.net>
fs/ecryptfs/crypto.c
fs/ecryptfs/ecryptfs_kernel.h
fs/ecryptfs/file.c
fs/ecryptfs/inode.c
fs/ecryptfs/main.c

index b8d5c80..f48c498 100644 (file)
@@ -1568,11 +1568,11 @@ out:
 }
 
 int ecryptfs_read_and_validate_xattr_region(char *page_virt,
-                                           struct dentry *ecryptfs_dentry)
+                                           struct inode *inode)
 {
        int rc;
 
-       rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_dentry->d_inode);
+       rc = ecryptfs_read_xattr_region(page_virt, inode);
        if (rc)
                goto out;
        if (!contains_ecryptfs_marker(page_virt + ECRYPTFS_FILE_SIZE_BYTES)) {
index 41a4532..72aa24a 100644 (file)
@@ -662,7 +662,7 @@ void ecryptfs_write_crypt_stat_flags(char *page_virt,
 int ecryptfs_read_and_validate_header_region(char *data,
                                             struct inode *ecryptfs_inode);
 int ecryptfs_read_and_validate_xattr_region(char *page_virt,
-                                           struct dentry *ecryptfs_dentry);
+                                           struct inode *inode);
 u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes);
 int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code);
 void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat);
@@ -753,7 +753,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
                             struct dentry *lower_dentry,
                             struct vfsmount *lower_mnt,
                             const struct cred *cred);
-int ecryptfs_get_lower_file(struct dentry *ecryptfs_dentry);
+int ecryptfs_get_lower_file(struct dentry *dentry, struct inode *inode);
 void ecryptfs_put_lower_file(struct inode *inode);
 int
 ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
index 566e547..4ec9eb0 100644 (file)
@@ -191,7 +191,7 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
                                      | ECRYPTFS_ENCRYPTED);
        }
        mutex_unlock(&crypt_stat->cs_mutex);
-       rc = ecryptfs_get_lower_file(ecryptfs_dentry);
+       rc = ecryptfs_get_lower_file(ecryptfs_dentry, inode);
        if (rc) {
                printk(KERN_ERR "%s: Error attempting to initialize "
                        "the lower file for the dentry with name "
index fc7d2b7..f0ad965 100644 (file)
@@ -259,7 +259,8 @@ static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
                                "context; rc = [%d]\n", rc);
                goto out;
        }
-       rc = ecryptfs_get_lower_file(ecryptfs_dentry);
+       rc = ecryptfs_get_lower_file(ecryptfs_dentry,
+                                    ecryptfs_dentry->d_inode);
        if (rc) {
                printk(KERN_ERR "%s: Error attempting to initialize "
                        "the lower file for the dentry with name "
@@ -350,50 +351,51 @@ static int ecryptfs_lookup_interpose(struct dentry *ecryptfs_dentry,
                       __func__, rc);
                goto out;
        }
-       if (inode->i_state & I_NEW)
-               unlock_new_inode(inode);
-       d_add(ecryptfs_dentry, inode);
-       if (S_ISDIR(lower_inode->i_mode))
-               goto out;
-       if (S_ISLNK(lower_inode->i_mode))
-               goto out;
-       if (special_file(lower_inode->i_mode))
+       if (!S_ISREG(inode->i_mode)) {
+               if (inode->i_state & I_NEW)
+                       unlock_new_inode(inode);
+               d_add(ecryptfs_dentry, inode);
                goto out;
+       }
        /* Released in this function */
        page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, GFP_USER);
        if (!page_virt) {
                printk(KERN_ERR "%s: Cannot kmem_cache_zalloc() a page\n",
                       __func__);
                rc = -ENOMEM;
+               make_bad_inode(inode);
                goto out;
        }
-       rc = ecryptfs_get_lower_file(ecryptfs_dentry);
+       rc = ecryptfs_get_lower_file(ecryptfs_dentry, inode);
        if (rc) {
                printk(KERN_ERR "%s: Error attempting to initialize "
                        "the lower file for the dentry with name "
                        "[%s]; rc = [%d]\n", __func__,
                        ecryptfs_dentry->d_name.name, rc);
+               make_bad_inode(inode);
                goto out_free_kmem;
        }
        put_lower = 1;
-       crypt_stat = &ecryptfs_inode_to_private(
-                                       ecryptfs_dentry->d_inode)->crypt_stat;
+       crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
        /* TODO: lock for crypt_stat comparison */
        if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
                        ecryptfs_set_default_sizes(crypt_stat);
-       rc = ecryptfs_read_and_validate_header_region(page_virt,
-                                                     ecryptfs_dentry->d_inode);
+       rc = ecryptfs_read_and_validate_header_region(page_virt, inode);
        if (rc) {
                memset(page_virt, 0, PAGE_CACHE_SIZE);
                rc = ecryptfs_read_and_validate_xattr_region(page_virt,
-                                                            ecryptfs_dentry);
+                                                            inode);
                if (rc) {
                        rc = 0;
-                       goto out_free_kmem;
+                       goto unlock_inode;
                }
                crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
        }
-       ecryptfs_i_size_init(page_virt, ecryptfs_dentry->d_inode);
+       ecryptfs_i_size_init(page_virt, inode);
+unlock_inode:
+       if (inode->i_state & I_NEW)
+               unlock_new_inode(inode);
+       d_add(ecryptfs_dentry, inode);
 out_free_kmem:
        kmem_cache_free(ecryptfs_header_cache_2, page_virt);
        goto out;
@@ -403,7 +405,7 @@ out_put:
        d_drop(ecryptfs_dentry);
 out:
        if (put_lower)
-               ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
+               ecryptfs_put_lower_file(inode);
        return rc;
 }
 
@@ -843,7 +845,7 @@ static int truncate_upper(struct dentry *dentry, struct iattr *ia,
                lower_ia->ia_valid &= ~ATTR_SIZE;
                return 0;
        }
-       rc = ecryptfs_get_lower_file(dentry);
+       rc = ecryptfs_get_lower_file(dentry, inode);
        if (rc)
                return rc;
        crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
@@ -999,7 +1001,7 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
 
                mount_crypt_stat = &ecryptfs_superblock_to_private(
                        dentry->d_sb)->mount_crypt_stat;
-               rc = ecryptfs_get_lower_file(dentry);
+               rc = ecryptfs_get_lower_file(dentry, inode);
                if (rc) {
                        mutex_unlock(&crypt_stat->cs_mutex);
                        goto out;
index 7c697ab..943a4f5 100644 (file)
@@ -135,12 +135,12 @@ static int ecryptfs_init_lower_file(struct dentry *dentry,
        return rc;
 }
 
-int ecryptfs_get_lower_file(struct dentry *dentry)
+int ecryptfs_get_lower_file(struct dentry *dentry, struct inode *inode)
 {
-       struct ecryptfs_inode_info *inode_info =
-               ecryptfs_inode_to_private(dentry->d_inode);
+       struct ecryptfs_inode_info *inode_info;
        int count, rc = 0;
 
+       inode_info = ecryptfs_inode_to_private(inode);
        mutex_lock(&inode_info->lower_file_mutex);
        count = atomic_inc_return(&inode_info->lower_file_count);
        if (WARN_ON_ONCE(count < 1))