ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
authorpiaojun <piaojun@huawei.com>
Thu, 1 Feb 2018 00:14:59 +0000 (16:14 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 26 Apr 2018 09:02:14 +0000 (11:02 +0200)
[ Upstream commit 16c8d569f5704a84164f30ff01b29879f3438065 ]

The race between *set_acl and *get_acl will cause getting incomplete
xattr data as below:

  processA                                    processB

  ocfs2_set_acl
    ocfs2_xattr_set
      __ocfs2_xattr_set_handle

                                              ocfs2_get_acl_nolock
                                                ocfs2_xattr_get_nolock:

processB may get incomplete xattr data if processA hasn't set_acl done.

So we should use 'ip_xattr_sem' to protect getting extended attribute in
ocfs2_get_acl_nolock(), as other processes could be changing it
concurrently.

Link: http://lkml.kernel.org/r/5A5DDCFF.7030001@huawei.com
Signed-off-by: Jun Piao <piaojun@huawei.com>
Reviewed-by: Alex Chen <alex.chen@huawei.com>
Cc: Mark Fasheh <mfasheh@versity.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Joseph Qi <jiangqi903@gmail.com>
Cc: Changwei Ge <ge.changwei@h3c.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/ocfs2/acl.c
fs/ocfs2/xattr.c

index 40b5cc97f7b0f709154402bfdbdbd0cc26004c24..917fadca8a7bc39c346b98b0cda729e5c53b91ee 100644 (file)
@@ -311,7 +311,9 @@ struct posix_acl *ocfs2_iop_get_acl(struct inode *inode, int type)
        if (had_lock < 0)
                return ERR_PTR(had_lock);
 
+       down_read(&OCFS2_I(inode)->ip_xattr_sem);
        acl = ocfs2_get_acl_nolock(inode, type, di_bh);
+       up_read(&OCFS2_I(inode)->ip_xattr_sem);
 
        ocfs2_inode_unlock_tracker(inode, 0, &oh, had_lock);
        brelse(di_bh);
@@ -330,7 +332,9 @@ int ocfs2_acl_chmod(struct inode *inode, struct buffer_head *bh)
        if (!(osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL))
                return 0;
 
+       down_read(&OCFS2_I(inode)->ip_xattr_sem);
        acl = ocfs2_get_acl_nolock(inode, ACL_TYPE_ACCESS, bh);
+       up_read(&OCFS2_I(inode)->ip_xattr_sem);
        if (IS_ERR(acl) || !acl)
                return PTR_ERR(acl);
        ret = __posix_acl_chmod(&acl, GFP_KERNEL, inode->i_mode);
@@ -361,8 +365,10 @@ int ocfs2_init_acl(handle_t *handle,
 
        if (!S_ISLNK(inode->i_mode)) {
                if (osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL) {
+                       down_read(&OCFS2_I(dir)->ip_xattr_sem);
                        acl = ocfs2_get_acl_nolock(dir, ACL_TYPE_DEFAULT,
                                                   dir_bh);
+                       up_read(&OCFS2_I(dir)->ip_xattr_sem);
                        if (IS_ERR(acl))
                                return PTR_ERR(acl);
                }
index 5fdf269ba82e393c1bff315b260ec45b7a1787b2..fb0a4eec310ce660510bce2088085976de599d5d 100644 (file)
@@ -638,9 +638,11 @@ int ocfs2_calc_xattr_init(struct inode *dir,
                                                     si->value_len);
 
        if (osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL) {
+               down_read(&OCFS2_I(dir)->ip_xattr_sem);
                acl_len = ocfs2_xattr_get_nolock(dir, dir_bh,
                                        OCFS2_XATTR_INDEX_POSIX_ACL_DEFAULT,
                                        "", NULL, 0);
+               up_read(&OCFS2_I(dir)->ip_xattr_sem);
                if (acl_len > 0) {
                        a_size = ocfs2_xattr_entry_real_size(0, acl_len);
                        if (S_ISDIR(mode))