1. 06 May, 2014 1 commit
      autofs: fix lockref lookup · 6b6751f7
      Ian Kent authored
      autofs needs to be able to see private data dentry flags for its dentrys
      that are being created but not yet hashed and for its dentrys that have
      been rmdir()ed but not yet freed.  It needs to do this so it can block
      processes in these states until a status has been returned to indicate
      the given operation is complete.
      It does this by keeping two lists, active and expring, of dentrys in
      this state and uses ->d_release() to keep them stable while it checks
      the reference count to determine if they should be used.
      But with the recent lockref changes dentrys being freed sometimes don't
      transition to a reference count of 0 before being freed so autofs can
      occassionally use a dentry that is invalid which can lead to a panic.
      Signed-off-by: default avatarIan Kent <raven@themaw.net>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      autofs4 - use simple_empty() for empty directory check · 0259cb02
      Ian Kent authored
      For direct (and offset) mounts, if an automounted mount is manually
      umounted the trigger mount dentry can appear non-empty causing it to
      not trigger mounts. This can also happen if there is a file handle
      leak in a user space automounting application.
      This happens because, when a ioctl control file handle is opened
      on the mount, a cursor dentry is created which causes list_empty()
      to see the dentry as non-empty. Since there is a case where listing
      the directory of these dentrys is needed, the use of dcache_dir_*()
      functions for .open() and .release() is needed.
      Consequently simple_empty() must be used instead of list_empty()
      when checking for an empty directory.
      Signed-off-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount · f55fb0c2
      Ian Kent authored
      The DCACHE_NEED_AUTOMOUNT flag is cleared on mount and set on expire
      for autofs rootless multi-mount dentrys to prevent unnecessary calls
      to ->d_automount().
      Since DCACHE_MANAGE_TRANSIT is always set on autofs dentrys ->d_managed()
      is always called so the check can be done in ->d_manage() without the
      need to change the flag. This still avoids unnecessary calls to
      ->d_automount(), adds negligible overhead and eliminates a seriously
      ugly check in the expire code.
      Signed-off-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      stop passing nameidata to ->lookup() · 00cd8dd3
      Al Viro authored
      Just the flags; only NFS cares even about that, but there are
      legitimate uses for such argument.  And getting rid of that
      completely would require splitting ->lookup() into a couple
      of methods (at least), so let's leave that alone for now...
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      autofs4: Merge the remaining dentry ops tables · b650c858
      David Howells authored
      Merge the remaining autofs4 dentry ops tables.  It doesn't matter if
      d_automount and d_manage are present on something that's not mountable or
      holdable as these ops are only used if the appropriate flags are set in
      [AV] switch to ->s_d_op, since now _everything_ on autofs4 is using the
      same dentry_operations.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Allow d_manage() to be used in RCU-walk mode · ab90911f
      David Howells authored
      Allow d_manage() to be called from pathwalk when it is in RCU-walk mode as well
      as when it is in Ref-walk mode.  This permits __follow_mount_rcu() to call
      d_manage() directly.  d_manage() needs a parameter to indicate that it is in
      RCU-walk mode as it isn't allowed to sleep if in that mode (but should return
      -ECHILD instead).
      autofs4_d_manage() can then be set to retain RCU-walk mode if the daemon
      accesses it and otherwise request dropping back to ref-walk mode.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      autofs4: Add v4 pseudo direct mount support · dd89f90d
      Ian Kent authored
      Version 4 of autofs provides a pseudo direct mount implementation
      that relies on directories at the leaves of a directory tree under
      an indirect mount to trigger mounts.
      This patch adds support for that functionality.
      Signed-off-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      autofs4: Clean up autofs4_free_ino() · 66511493
      Ian Kent authored
      When this function is called the local reference count does't need to
      be updated since the dentry is going away and dput definitely must
      not be called here.
      Also the autofs info struct field inode isn't used so remove it.
      Signed-off-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      autofs4: Clean up dentry operations · 71e469db
      Ian Kent authored
      There are now two distinct dentry operations uses. One for dentrys
      that trigger mounts and one for dentrys that do not.
      Rationalize the use of these dentry operations and rename them to
      reflect their function.
      Signed-off-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      autofs4: Clean up inode operations · e61da20a
      Ian Kent authored
      Since the use of ->follow_link() has been eliminated there is no
      need to separate the indirect and direct inode operations.
      Signed-off-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      autofs4: Remove unused code · 8c13a676
      Ian Kent authored
      Remove code that is not used due to the use of ->d_automount()
      and ->d_manage().
      Signed-off-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      autofs4: Add d_manage() dentry operation · b5b80177
      Ian Kent authored
      This patch required a previous patch to add the ->d_automount()
      dentry operation.
      Add a function to use the newly defined ->d_manage() dentry operation
      for blocking during mount and expire.
      Whether the VFS calls the dentry operations d_automount() and d_manage()
      is controled by the DMANAGED_AUTOMOUNT and DMANAGED_TRANSIT flags. autofs
      uses the d_automount() operation to callback to user space to request
      mount operations and the d_manage() operation to block walks into mounts
      that are under construction or destruction.
      In order to prevent these functions from being called unnecessarily the
      DMANAGED_* flags are cleared for cases which would cause this. In the
      common case the DMANAGED_AUTOMOUNT and DMANAGED_TRANSIT flags are both
      set for dentrys waiting to be mounted. The DMANAGED_TRANSIT flag is
      cleared upon successful mount request completion and set during expire
      runs, both during the dentry expire check, and if selected for expire,
      is left set until a subsequent successful mount request completes.
      The exception to this is the so-called rootless multi-mount which has
      no actual mount at its base. In this case the DMANAGED_AUTOMOUNT flag
      is cleared upon successful mount request completion as well and set
      again after a successful expire.
      Signed-off-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      autofs4: Add d_automount() dentry operation · 10584211
      Ian Kent authored
      Add a function to use the newly defined ->d_automount() dentry operation
      for triggering mounts instead of doing the user space callback in ->lookup()
      and ->d_revalidate().
      Note, to be useful the subsequent patch to add the ->d_manage() dentry
      operation is also needed so the discussion of functionality is deferred to
      that patch.
      Signed-off-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Add a dentry op to allow processes to be held during pathwalk transit · cc53ce53
      David Howells authored
      Add a dentry op (d_manage) to permit a filesystem to hold a process and make it
      sleep when it tries to transit away from one of that filesystem's directories
      during a pathwalk.  The operation is keyed off a new dentry flag
      The filesystem is allowed to be selective about which processes it holds and
      which it permits to continue on or prohibits from transiting from each flagged
      directory.  This will allow autofs to hold up client processes whilst letting
      its userspace daemon through to maintain the directory or the stuff behind it
      or mounted upon it.
      The ->d_manage() dentry operation:
      	int (*d_manage)(struct path *path, bool mounting_here);
      takes a pointer to the directory about to be transited away from and a flag
      indicating whether the transit is undertaken by do_add_mount() or
      do_move_mount() skipping through a pile of filesystems mounted on a mountpoint.
      It should return 0 if successful and to let the process continue on its way;
      -EISDIR to prohibit the caller from skipping to overmounted filesystems or
      automounting, and to use this directory; or some other error code to return to
      the user.
      ->d_manage() is called with namespace_sem writelocked if mounting_here is true
      and no other locks held, so it may sleep.  However, if mounting_here is true,
      it may not initiate or wait for a mount or unmount upon the parameter
      directory, even if the act is actually performed by userspace.
      Within fs/namei.c, follow_managed() is extended to check with d_manage() first
      on each managed directory, before transiting away from it or attempting to
      automount upon it.
      follow_down() is renamed follow_down_one() and should only be used where the
      filesystem deliberately intends to avoid management steps (e.g. autofs).
      A new follow_down() is added that incorporates the loop done by all other
      callers of follow_down() (do_add/move_mount(), autofs and NFSD; whilst AFS, NFS
      and CIFS do use it, their use is removed by converting them to use
      d_automount()).  The new follow_down() calls d_manage() as appropriate.  It
      also takes an extra parameter to indicate if it is being called from mount code
      (with namespace_sem writelocked) which it passes to d_manage().  follow_down()
      ignores automount points so that it can be used to mount on them.
      __follow_mount_rcu() is made to abort rcu-walk mode if it hits a directory with
      DCACHE_MANAGE_TRANSIT set on the basis that we're probably going to have to
      sleep.  It would be possible to enter d_manage() in rcu-walk mode too, and have
      that determine whether to abort or not itself.  That would allow the autofs
      daemon to continue on in rcu-walk mode.
      Note that DCACHE_MANAGE_TRANSIT on a directory should be cleared when it isn't
      required as every tranist from that directory will cause d_manage() to be
      invoked.  It can always be set again when necessary.
      Autofs currently uses the lookup() inode op and the d_revalidate() dentry op to
      trigger the automounting of indirect mounts, and both of these can be called
      with i_mutex held.
      autofs knows that the i_mutex will be held by the caller in lookup(), and so
      can drop it before invoking the daemon - but this isn't so for d_revalidate(),
      since the lock is only held on _some_ of the code paths that call it.  This
      means that autofs can't risk dropping i_mutex from its d_revalidate() function
      before it calls the daemon.
      The bug could manifest itself as, for example, a process that's trying to
      validate an automount dentry that gets made to wait because that dentry is
      expired and needs cleaning up:
      	mkdir         S ffffffff8014e05a     0 32580  24956
      	Call Trace:
      	 [<ffffffff885371fd>] :autofs4:autofs4_wait+0x674/0x897
      	 [<ffffffff80127f7d>] avc_has_perm+0x46/0x58
      	 [<ffffffff8009fdcf>] autoremove_wake_function+0x0/0x2e
      	 [<ffffffff88537be6>] :autofs4:autofs4_expire_wait+0x41/0x6b
      	 [<ffffffff88535cfc>] :autofs4:autofs4_revalidate+0x91/0x149
      	 [<ffffffff80036d96>] __lookup_hash+0xa0/0x12f
      	 [<ffffffff80057a2f>] lookup_create+0x46/0x80
      	 [<ffffffff800e6e31>] sys_mkdirat+0x56/0xe4
      versus the automount daemon which wants to remove that dentry, but can't
      because the normal process is holding the i_mutex lock:
      	automount     D ffffffff8014e05a     0 32581      1              32561
      	Call Trace:
      	 [<ffffffff80063c3f>] __mutex_lock_slowpath+0x60/0x9b
      	 [<ffffffff8000ccf1>] do_path_lookup+0x2ca/0x2f1
      	 [<ffffffff80063c89>] .text.lock.mutex+0xf/0x14
      	 [<ffffffff800e6d55>] do_rmdir+0x77/0xde
      	 [<ffffffff8005d229>] tracesys+0x71/0xe0
      	 [<ffffffff8005d28d>] tracesys+0xd5/0xe0
      which means that the system is deadlocked.
      This patch allows autofs to hold up normal processes whilst the daemon goes
      ahead and does things to the dentry tree behind the automouter point without
      risking a deadlock as almost no locks are held in d_manage() and none in
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Was-Acked-by: default avatarIan Kent <raven@themaw.net>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      fs: rcu-walk aware d_revalidate method · 34286d66
      Nick Piggin authored
      Require filesystems be aware of .d_revalidate being called in rcu-walk
      mode (nd->flags & LOOKUP_RCU). For now do a simple push down, returning
      -ECHILD from all implementations.
      Signed-off-by: default avatarNick Piggin <npiggin@kernel.dk>
      fs: dcache reduce branches in lookup path · fb045adb
      Nick Piggin authored
      Reduce some branches and memory accesses in dcache lookup by adding dentry
      flags to indicate common d_ops are set, rather than having to check them.
      This saves a pointer memory access (dentry->d_op) in common path lookup
      situations, and saves another pointer load and branch in cases where we
      have d_op but not the particular operation.
      Patched with:
      git grep -E '[.>]([[:space:]])*d_op([[:space:]])*=' | xargs sed -e 's/\([^\t ]*\)->d_op = \(.*\);/d_set_d_op(\1, \2);/' -e 's/\([^\t ]*\)\.d_op = \(.*\);/d_set_d_op(\&\1, \2);/' -i
      Signed-off-by: default avatarNick Piggin <npiggin@kernel.dk>