kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux-hardened/fs/cifs
History
Rabin Vincent 966681c9f0 CIFS: fix circular locking dependency 
When a CIFS filesystem is mounted with the forcemand option and the
following command is run on it, lockdep warns about a circular locking
dependency between CifsInodeInfo::lock_sem and the inode lock.

 while echo foo > hello; do :; done & while touch -c hello; do :; done

cifs_writev() takes the locks in the wrong order, but note that we can't
only flip the order around because it releases the inode lock before the
call to generic_write_sync() while it holds the lock_sem across that
call.

But, AFAICS, there is no need to hold the CifsInodeInfo::lock_sem across
the generic_write_sync() call either, so we can release both the locks
before generic_write_sync(), and change the order.

 ======================================================
 WARNING: possible circular locking dependency detected
 4.12.0-rc7+ #9 Not tainted
 ------------------------------------------------------
 touch/487 is trying to acquire lock:
  (&cifsi->lock_sem){++++..}, at: cifsFileInfo_put+0x88f/0x16a0

 but task is already holding lock:
  (&sb->s_type->i_mutex_key#11){+.+.+.}, at: utimes_common+0x3ad/0x870

 which lock already depends on the new lock.

 the existing dependency chain (in reverse order) is:

 -> #1 (&sb->s_type->i_mutex_key#11){+.+.+.}:
        __lock_acquire+0x1f74/0x38f0
        lock_acquire+0x1cc/0x600
        down_write+0x74/0x110
        cifs_strict_writev+0x3cb/0x8c0
        __vfs_write+0x4c1/0x930
        vfs_write+0x14c/0x2d0
        SyS_write+0xf7/0x240
        entry_SYSCALL_64_fastpath+0x1f/0xbe

 -> #0 (&cifsi->lock_sem){++++..}:
        check_prevs_add+0xfa0/0x1d10
        __lock_acquire+0x1f74/0x38f0
        lock_acquire+0x1cc/0x600
        down_write+0x74/0x110
        cifsFileInfo_put+0x88f/0x16a0
        cifs_setattr+0x992/0x1680
        notify_change+0x61a/0xa80
        utimes_common+0x3d4/0x870
        do_utimes+0x1c1/0x220
        SyS_utimensat+0x84/0x1a0
        entry_SYSCALL_64_fastpath+0x1f/0xbe

 other info that might help us debug this:

  Possible unsafe locking scenario:

        CPU0                    CPU1
        ----                    ----
   lock(&sb->s_type->i_mutex_key#11);
                                lock(&cifsi->lock_sem);
                                lock(&sb->s_type->i_mutex_key#11);
   lock(&cifsi->lock_sem);

  *** DEADLOCK ***

 2 locks held by touch/487:
  #0:  (sb_writers#10){.+.+.+}, at: mnt_want_write+0x41/0xb0
  #1:  (&sb->s_type->i_mutex_key#11){+.+.+.}, at: utimes_common+0x3ad/0x870

 stack backtrace:
 CPU: 0 PID: 487 Comm: touch Not tainted 4.12.0-rc7+ #9
 Call Trace:
  dump_stack+0xdb/0x185
  print_circular_bug+0x45b/0x790
  __lock_acquire+0x1f74/0x38f0
  lock_acquire+0x1cc/0x600
  down_write+0x74/0x110
  cifsFileInfo_put+0x88f/0x16a0
  cifs_setattr+0x992/0x1680
  notify_change+0x61a/0xa80
  utimes_common+0x3d4/0x870
  do_utimes+0x1c1/0x220
  SyS_utimensat+0x84/0x1a0
  entry_SYSCALL_64_fastpath+0x1f/0xbe

Fixes: 19dfc1f5f2 ("cifs: fix the race in cifs_writev()")
Signed-off-by: Rabin Vincent <rabinv@axis.com>
Signed-off-by: Steve French <smfrench@gmail.com>
Acked-by: Pavel Shilovsky <pshilov@microsoft.com>
2017-07-05 20:08:39 -05:00
..
asn1.c [CIFS] cifs: Rename cERROR and cFYI to cifs_dbg 2013-05-04 22:17:23 -05:00
cache.c [CIFS] cifs: Rename cERROR and cFYI to cifs_dbg 2013-05-04 22:17:23 -05:00
cifs_debug.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
cifs_debug.h lib: update single-char callers of strtobool() 2016-03-17 15:09:34 -07:00
cifs_dfs_ref.c CIFS: add build_path_from_dentry_optional_prefix() 2017-03-01 22:26:10 -06:00
cifs_fs_sb.h cifs: Convert to separately allocated bdi 2017-04-20 12:09:55 -06:00
cifs_ioctl.h Enable previous version support 2016-10-13 19:48:11 -05:00
cifs_spnego.c cifs: Create dedicated keyring for spnego operations 2016-05-19 21:56:30 -05:00
cifs_spnego.h
cifs_unicode.c CIFS: add SFM mapping for 0x01-0x1F 2017-07-05 19:58:05 -05:00
cifs_unicode.h CIFS: add misssing SFM mapping for doublequote 2017-05-05 08:33:44 -05:00
cifs_uniupr.h
cifsacl.c cifs: cifsacl: Use a temporary ops variable to reduce code length 2017-05-12 19:45:18 -05:00
cifsacl.h cifs: fix SID binary to string conversion 2012-12-11 11:48:49 -06:00
cifsencrypt.c fs: cifs: replace CURRENT_TIME by other appropriate apis 2017-05-08 17:15:15 -07:00
cifsfs.c Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 2017-05-06 11:51:46 -07:00
cifsfs.h Introduce cifs_copy_file_range() 2017-04-07 08:04:41 -05:00
cifsglob.h [CIFS] Minor cleanup of xattr query function 2017-05-12 20:59:10 -05:00
cifspdu.h CIFS: move DFS response parsing out of SMB1 code 2017-03-01 22:26:10 -06:00
cifsproto.h [CIFS] Minor cleanup of xattr query function 2017-05-12 20:59:10 -05:00
cifssmb.c [CIFS] Minor cleanup of xattr query function 2017-05-12 20:59:10 -05:00
connect.c Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 2017-05-06 11:51:46 -07:00
dir.c CIFS: add build_path_from_dentry_optional_prefix() 2017-03-01 22:26:10 -06:00
dns_resolve.c cifs: fix composing of mount options for DFS referrals 2013-05-24 13:08:31 -05:00
dns_resolve.h
export.c [CIFS] cifs: Rename cERROR and cFYI to cifs_dbg 2013-05-04 22:17:23 -05:00
file.c CIFS: fix circular locking dependency 2017-07-05 20:08:39 -05:00
fscache.c NFS client updates for Linux 3.13 2013-11-08 05:57:46 +09:00
fscache.h CIFS: FS-Cache: Uncache unread pages in cifs_readpages() before freeing them 2013-09-18 10:17:03 -05:00
inode.c [CIFS] Minor cleanup of xattr query function 2017-05-12 20:59:10 -05:00
ioctl.c cifs: fix CIFS_IOC_GET_MNT_INFO oops 2017-05-03 19:32:35 -05:00
Kconfig CIFS: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys 2017-07-05 19:51:04 -05:00
link.c cifs: use %16phN for formatting md5 sum 2016-12-15 00:21:37 -06:00
Makefile cifs: Switch to generic xattr handlers 2016-04-23 15:33:03 -04:00
misc.c CIFS: check if pages is null rather than bv for a failed allocation 2017-06-20 19:11:35 -05:00
netmisc.c cifs: small underflow in cnvrtDosUnixTm() 2017-05-02 14:57:34 -05:00
nterr.c CIFS: Rename 7 error codes to NT_ style 2012-07-24 10:25:10 -05:00
nterr.h CIFS: Rename 7 error codes to NT_ style 2012-07-24 10:25:10 -05:00
ntlmssp.h cifs: dynamic allocation of ntlmssp blob 2016-06-23 23:45:07 -05:00
readdir.c cifs: initialize file_info_lock 2017-01-14 14:58:29 -06:00
rfc1002pdu.h
sess.c smb2: Enforce sec= mount option 2017-03-02 23:13:37 -06:00
smb1ops.c CIFS: Improve readdir verbosity 2017-06-20 19:13:47 -05:00
smb2file.c CIFS: add use_ipc flag to SMB2_ioctl() 2017-03-01 22:26:11 -06:00
smb2glob.h CIFS: Separate SMB2 header structure 2017-02-01 16:46:34 -06:00
smb2inode.c Do not send SMB3 SET_INFO request if nothing is changing 2016-10-13 19:46:51 -05:00
smb2maperror.c CIFS: Separate SMB2 header structure 2017-02-01 16:46:34 -06:00
smb2misc.c CIFS: fix oplock break deadlocks 2017-05-03 10:10:10 -05:00
smb2ops.c cifs: set oparms.create_options rather than or'ing in CREATE_OPEN_BACKUP_INTENT 2017-07-05 20:01:22 -05:00
smb2pdu.c cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options 2017-07-05 19:51:04 -05:00
smb2pdu.h CIFS: implement get_dfs_refer for SMB2+ 2017-03-02 17:05:31 -06:00
smb2proto.h cifs: prototype declaration and definition for smb 2 - 3 and cifsacl mount options 2017-07-05 19:51:04 -05:00
smb2status.h CIFS: Add SMB2 status codes 2012-07-24 10:25:13 -05:00
smb2transport.c CIFS: add CONFIG_CIFS_DEBUG_KEYS to dump encryption keys 2017-07-05 19:51:04 -05:00
smbencrypt.c cifs: Fix smbencrypt() to stop pointing a scatterlist at the stack 2016-12-14 01:44:16 -06:00
smberr.h
smbfsctl.h [SMB3] Send durable handle v2 contexts when use of persistent handles required 2015-11-03 09:26:27 -06:00
transport.c cifs: Do not modify mid entry after submitting I/O in cifs_call_async 2017-07-05 19:58:08 -05:00
winucase.c [CIFS] quiet sparse compile warning 2013-09-08 14:54:24 -05:00
xattr.c cifs: remove redundant return in cifs_creation_time_get 2017-06-20 19:14:40 -05:00