nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

ext4: avoid deadlock when expanding inode size

Browse source 
When we need to move xattrs into external xattr block, we call
ext4_xattr_block_set() from ext4_expand_extra_isize_ea(). That may end
up calling ext4_mark_inode_dirty() again which will recurse back into
the inode expansion code leading to deadlocks.

Protect from recursion using EXT4_STATE_NO_EXPAND inode flag and move
its management into ext4_expand_extra_isize_ea() since its manipulation
is safe there (due to xattr_sem) from possible races with
ext4_xattr_set_handle() which plays with it as well.

CC: stable@vger.kernel.org   # 4.4.x
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
This commit is contained in:
Jan Kara 2016-08-11 12:38:55 -04:00 committed by Theodore Ts'o
parent 443a8c41cd
commit 2e81a4eeed
2 changed files with 13 additions and 8 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

2
fs/ext4/inode.c
View file

@ -5466,8 +5466,6 @@ int ext4_mark_inode_dirty(handle_t *handle, struct inode *inode)
sbi->s_want_extra_isize, sbi->s_want_extra_isize,
iloc, handle); iloc, handle);
if (ret) { if (ret) {
ext4_set_inode_state(inode,
EXT4_STATE_NO_EXPAND);
if (mnt_count != if (mnt_count !=
le16_to_cpu(sbi->s_es->s_mnt_count)) { le16_to_cpu(sbi->s_es->s_mnt_count)) {
ext4_warning(inode->i_sb, ext4_warning(inode->i_sb,

19
fs/ext4/xattr.c
View file

@ -1358,12 +1358,14 @@ int ext4_expand_extra_isize_ea(struct inode *inode, int new_extra_isize,
int isize_diff; /* How much do we need to grow i_extra_isize */ int isize_diff; /* How much do we need to grow i_extra_isize */
down_write(&EXT4_I(inode)->xattr_sem); down_write(&EXT4_I(inode)->xattr_sem);
/*
* Set EXT4_STATE_NO_EXPAND to avoid recursion when marking inode dirty
*/
ext4_set_inode_state(inode, EXT4_STATE_NO_EXPAND);
retry: retry:
isize_diff = new_extra_isize - EXT4_I(inode)->i_extra_isize; isize_diff = new_extra_isize - EXT4_I(inode)->i_extra_isize;
if (EXT4_I(inode)->i_extra_isize >= new_extra_isize) { if (EXT4_I(inode)->i_extra_isize >= new_extra_isize)
up_write(&EXT4_I(inode)->xattr_sem); goto out;
return 0;
}
header = IHDR(inode, raw_inode); header = IHDR(inode, raw_inode);
entry = IFIRST(header); entry = IFIRST(header);
@ -1392,8 +1394,7 @@ int ext4_expand_extra_isize_ea(struct inode *inode, int new_extra_isize,
(void *)header, total_ino, (void *)header, total_ino,
inode->i_sb->s_blocksize); inode->i_sb->s_blocksize);
EXT4_I(inode)->i_extra_isize = new_extra_isize; EXT4_I(inode)->i_extra_isize = new_extra_isize;
error = 0; goto out;
goto cleanup;
} }
/* /*
@ -1553,6 +1554,8 @@ int ext4_expand_extra_isize_ea(struct inode *inode, int new_extra_isize,
kfree(bs); kfree(bs);
} }
brelse(bh); brelse(bh);
out:
ext4_clear_inode_state(inode, EXT4_STATE_NO_EXPAND);
up_write(&EXT4_I(inode)->xattr_sem); up_write(&EXT4_I(inode)->xattr_sem);
return 0; return 0;
@ -1564,6 +1567,10 @@ int ext4_expand_extra_isize_ea(struct inode *inode, int new_extra_isize,
kfree(is); kfree(is);
kfree(bs); kfree(bs);
brelse(bh); brelse(bh);
/*
* We deliberately leave EXT4_STATE_NO_EXPAND set here since inode
* size expansion failed.
*/
up_write(&EXT4_I(inode)->xattr_sem); up_write(&EXT4_I(inode)->xattr_sem);
return error; return error;
} }