author: David Howells 2017-11-02 16:27:52 +0100
committer: David Howells 2017-11-13 16:38:20 +0100
commit: dab17c1add5c51b68027a9a3861af3a99cb5485a
tree: 17d9d716ff0903555bd1d4451974df3088625e33 /fs/afs/file.c
parent: afs: Trace the sending of pages
afs: Fix directory read/modify race

Because parsing of the directory wasn't being done under any sort of lock,
the pages holding the directory content can get invalidated whilst the
parsing is ongoing.

Further, the directory page check function gets called outside of the page
lock, so if the page gets cleared or updated, this may return reports of
bad magic numbers in the directory page.

Also, the directory may change size whilst checking and parsing are
ongoing, so more care needs to be taken here.

Fix this by:

 (1) Perform the page check from the page filling function before we set
     PageUptodate and drop the page lock.

 (2) Check for the file having shrunk and the page having been abandoned
     before checking the page contents.

 (3) Lock the page whilst parsing it for the directory iterator.

Whilst we're at it, add a tracepoint to report check failure.

Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'fs/afs/file.c')
-rw-r--r-- fs/afs/file.c 5
1 files changed, 5 insertions, 0 deletions
diff --git a/fs/afs/file.c b/fs/afs/file.c
index 1f26ac9f816d..5786f68f87f1 100644
--- a/fs/afs/file.c
+++ b/fs/afs/file.c
@@ -232,6 +232,11 @@ int afs_page_filler(void *data, struct page *page)
* page */
ret = afs_fetch_data(vnode, key, req);
afs_put_read(req);
+
+ if (ret >= 0 && S_ISDIR(inode->i_mode) &&
+ !afs_dir_check_page(inode, page))
+ ret = -EIO;
+
if (ret < 0) {
if (ret == -ENOENT) {
_debug("got NOENT from server"
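Review bot: The added block after afs_put_read(req) has no comment saying why the directory check has to run at this point in afs_page_filler(). The reason (validate the contents while the page is still locked and before PageUptodate is set, so a concurrent invalidation or update cannot produce a false bad-magic report) is only in the commit message, and a later refactor could move the call without noticing. A one- or two-line comment above `if (ret >= 0 && S_ISDIR(inode->i_mode) &&` would record that ordering requirement. Two smaller points on the same lines: a failed check is collapsed to `ret = -EIO` and then falls into the existing `if (ret < 0)` path that also handles fetch errors, so it is worth confirming that path is right for a page whose fetch succeeded but whose contents were rejected; and afs_dir_check_page() is called only with inode and page after the read request has been released, so the size comparison mentioned in the commit message must come from the inode rather than from the request, which deserves a note in that function's documentation.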