linux/drivers
David Howells cc53ce53c8 Add a dentry op to allow processes to be held during pathwalk transit
Add a dentry op (d_manage) to permit a filesystem to hold a process and make it
sleep when it tries to transit away from one of that filesystem's directories
during a pathwalk.  The operation is keyed off a new dentry flag
(DCACHE_MANAGE_TRANSIT).

The filesystem is allowed to be selective about which processes it holds and
which it permits to continue on or prohibits from transiting from each flagged
directory.  This will allow autofs to hold up client processes whilst letting
its userspace daemon through to maintain the directory or the stuff behind it
or mounted upon it.

The ->d_manage() dentry operation:

	int (*d_manage)(struct path *path, bool mounting_here);

takes a pointer to the directory about to be transited away from and a flag
indicating whether the transit is undertaken by do_add_mount() or
do_move_mount() skipping through a pile of filesystems mounted on a mountpoint.

It should return 0 if successful and to let the process continue on its way;
-EISDIR to prohibit the caller from skipping to overmounted filesystems or
automounting, and to use this directory; or some other error code to return to
the user.

->d_manage() is called with namespace_sem writelocked if mounting_here is true
and no other locks held, so it may sleep.  However, if mounting_here is true,
it may not initiate or wait for a mount or unmount upon the parameter
directory, even if the act is actually performed by userspace.

Within fs/namei.c, follow_managed() is extended to check with d_manage() first
on each managed directory, before transiting away from it or attempting to
automount upon it.

follow_down() is renamed follow_down_one() and should only be used where the
filesystem deliberately intends to avoid management steps (e.g. autofs).

A new follow_down() is added that incorporates the loop done by all other
callers of follow_down() (do_add/move_mount(), autofs and NFSD; whilst AFS, NFS
and CIFS do use it, their use is removed by converting them to use
d_automount()).  The new follow_down() calls d_manage() as appropriate.  It
also takes an extra parameter to indicate if it is being called from mount code
(with namespace_sem writelocked) which it passes to d_manage().  follow_down()
ignores automount points so that it can be used to mount on them.

__follow_mount_rcu() is made to abort rcu-walk mode if it hits a directory with
DCACHE_MANAGE_TRANSIT set on the basis that we're probably going to have to
sleep.  It would be possible to enter d_manage() in rcu-walk mode too, and have
that determine whether to abort or not itself.  That would allow the autofs
daemon to continue on in rcu-walk mode.

Note that DCACHE_MANAGE_TRANSIT on a directory should be cleared when it isn't
required as every tranist from that directory will cause d_manage() to be
invoked.  It can always be set again when necessary.

==========================
WHAT THIS MEANS FOR AUTOFS
==========================

Autofs currently uses the lookup() inode op and the d_revalidate() dentry op to
trigger the automounting of indirect mounts, and both of these can be called
with i_mutex held.

autofs knows that the i_mutex will be held by the caller in lookup(), and so
can drop it before invoking the daemon - but this isn't so for d_revalidate(),
since the lock is only held on _some_ of the code paths that call it.  This
means that autofs can't risk dropping i_mutex from its d_revalidate() function
before it calls the daemon.

The bug could manifest itself as, for example, a process that's trying to
validate an automount dentry that gets made to wait because that dentry is
expired and needs cleaning up:

	mkdir         S ffffffff8014e05a     0 32580  24956
	Call Trace:
	 [<ffffffff885371fd>] :autofs4:autofs4_wait+0x674/0x897
	 [<ffffffff80127f7d>] avc_has_perm+0x46/0x58
	 [<ffffffff8009fdcf>] autoremove_wake_function+0x0/0x2e
	 [<ffffffff88537be6>] :autofs4:autofs4_expire_wait+0x41/0x6b
	 [<ffffffff88535cfc>] :autofs4:autofs4_revalidate+0x91/0x149
	 [<ffffffff80036d96>] __lookup_hash+0xa0/0x12f
	 [<ffffffff80057a2f>] lookup_create+0x46/0x80
	 [<ffffffff800e6e31>] sys_mkdirat+0x56/0xe4

versus the automount daemon which wants to remove that dentry, but can't
because the normal process is holding the i_mutex lock:

	automount     D ffffffff8014e05a     0 32581      1              32561
	Call Trace:
	 [<ffffffff80063c3f>] __mutex_lock_slowpath+0x60/0x9b
	 [<ffffffff8000ccf1>] do_path_lookup+0x2ca/0x2f1
	 [<ffffffff80063c89>] .text.lock.mutex+0xf/0x14
	 [<ffffffff800e6d55>] do_rmdir+0x77/0xde
	 [<ffffffff8005d229>] tracesys+0x71/0xe0
	 [<ffffffff8005d28d>] tracesys+0xd5/0xe0

which means that the system is deadlocked.

This patch allows autofs to hold up normal processes whilst the daemon goes
ahead and does things to the dentry tree behind the automouter point without
risking a deadlock as almost no locks are held in d_manage() and none in
d_automount().

Signed-off-by: David Howells <dhowells@redhat.com>
Was-Acked-by: Ian Kent <raven@themaw.net>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2011-01-15 20:07:31 -05:00
..
accessibility
acpi Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 2011-01-14 09:29:05 -08:00
amba
ata Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
atm Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
auxdisplay
base thp: transparent hugepage sysfs meminfo 2011-01-13 17:32:46 -08:00
block Merge branch 'for-2.6.38/drivers' of git://git.kernel.dk/linux-2.6-block 2011-01-13 10:50:24 -08:00
bluetooth
cdrom Merge branch 'for-2.6.38/core' of git://git.kernel.dk/linux-2.6-block 2011-01-13 10:45:01 -08:00
char Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2011-01-13 20:15:35 -08:00
clk
clocksource
connector
cpufreq perf: Clean up power events by introducing new, more generic ones 2011-01-04 08:16:54 +01:00
cpuidle Merge branch 'cpuidle-perf-events' into idle-test 2011-01-12 18:06:19 -05:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2011-01-13 10:25:58 -08:00
dca dca: remove unneeded NULL check 2011-01-13 08:03:09 -08:00
dio
dma Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
edac Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
eisa
firewire firewire: ohci: fix compilation on arches without PAGE_KERNEL_RO 2011-01-13 15:48:29 +01:00
firmware
gpio Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6 2011-01-14 09:08:00 -08:00
gpu Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2011-01-13 20:15:35 -08:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2011-01-13 09:58:38 -08:00
hwmon hwmon: (dme1737) Minor cleanups 2011-01-12 21:55:13 +01:00
i2c i2c: Convert SCx200 driver from using raw PCI to platform device 2011-01-14 12:38:15 +01:00
ide
idle Merge branch 'cpuidle-perf-events' into idle-test 2011-01-12 18:06:19 -05:00
ieee802154
infiniband Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
input Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
isdn Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
leds leds: add output inversion option to backlight trigger 2011-01-13 08:03:06 -08:00
lguest
macintosh Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
mca
md Merge git://git.kernel.org/pub/scm/linux/kernel/git/agk/linux-2.6-dm 2011-01-13 17:30:47 -08:00
media Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 2011-01-14 09:29:05 -08:00
memstick memstick: factor out transfer initiating functionality in mspro_block.c 2011-01-13 08:03:22 -08:00
message Merge branch 'master' into for-next 2010-12-22 18:57:02 +01:00
mfd mfd: ab8500-core chip version cut 2.0 support 2011-01-14 12:38:18 +01:00
misc misc: Make AB8500_PWM driver depend on U8500 due to PWM breakage 2011-01-14 12:38:12 +01:00
mmc Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
mtd Merge branch 'for-2.6.38/core' of git://git.kernel.dk/linux-2.6-block 2011-01-13 10:45:01 -08:00
net Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 2011-01-14 09:29:05 -08:00
nfc NFC: Driver for NXP Semiconductors PN544 NFC chip. 2011-01-13 08:03:19 -08:00
nubus
of Merge remote branch 'gcl/next' into next 2011-01-11 15:10:08 +11:00
oprofile
parisc
parport
pci Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 2011-01-14 09:29:05 -08:00
pcmcia Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
platform Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2011-01-13 20:15:35 -08:00
pnp Merge branch 'pnp' into release 2011-01-12 04:59:44 -05:00
power Merge git://git.infradead.org/battery-2.6 2011-01-14 09:25:59 -08:00
pps pps: add parallel port PPS signal generator 2011-01-13 08:03:21 -08:00
ps3
rapidio rapidio: add new idt sRIO switches 2011-01-13 08:03:18 -08:00
regulator regulator: Support MAX8998/LP3974 DVS-GPIO 2011-01-14 12:38:16 +01:00
rtc mfd: Support LP3974 RTC 2011-01-14 12:38:16 +01:00
s390 Merge branch 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6 2011-01-14 08:47:26 -08:00
sbus sparc: explicitly cast negative phandle checks to s32 2011-01-03 20:02:06 -07:00
scsi Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 2011-01-14 09:29:05 -08:00
serial atmel_serial: fix RTS high after initialization in RS485 mode 2011-01-13 17:32:31 -08:00
sfi SFI: use ioremap_cache() instead of ioremap() 2011-01-11 23:27:25 -05:00
sh headers: kobject.h redux 2011-01-10 08:51:44 -08:00
sn
spi Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
ssb ssb: Use pci_is_pcie() 2010-12-22 15:43:26 -05:00
staging Add a dentry op to allow processes to be held during pathwalk transit 2011-01-15 20:07:31 -05:00
tc
telephony Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
thermal Merge branch 'misc' into release 2011-01-12 05:14:15 -05:00
tty Merge branch 'tty-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6 2011-01-07 14:39:20 -08:00
uio
usb Merge branch 'for-2.6.38/core' of git://git.kernel.dk/linux-2.6-block 2011-01-13 10:45:01 -08:00
uwb
vhost
video Merge git://git.kernel.org/pub/scm/linux/kernel/git/lethal/fbdev-2.6 2011-01-13 10:39:14 -08:00
virtio
vlynq
w1 w1: DS2423 counter driver and documentation 2011-01-13 08:03:22 -08:00
watchdog watchdog: Add MCF548x watchdog driver. 2011-01-12 13:51:35 +00:00
xen Merge branch 'stable/gntdev' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen 2011-01-13 18:46:48 -08:00
zorro
Kconfig NFC: Driver for NXP Semiconductors PN544 NFC chip. 2011-01-13 08:03:19 -08:00
Makefile NFC: Driver for NXP Semiconductors PN544 NFC chip. 2011-01-13 08:03:19 -08:00