eCryptfs: Fix new inode race condition

Tyler Hicks · Tyler Hicks · commit 3b06b3ebf441 · 2011-05-29T14:23:39.000-05:00
Only unlock and d_add() new inodes after the plaintext inode size has been read from the lower filesystem. This fixes a race condition that was sometimes seen during a multi-job kernel build in an eCryptfs mount. https://bugzilla.kernel.org/show_bug.cgi?id=36002 Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com> Reported-by: David <david@unsolicited.net> Tested-by: David <david@unsolicited.net>
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
@@ -1568,11 +1568,11 @@ int ecryptfs_read_xattr_region(char *page_virt, struct inode *ecryptfs_inode)
 }
 
 int ecryptfs_read_and_validate_xattr_region(char *page_virt,
-					    struct dentry *ecryptfs_dentry)
+					    struct inode *inode)
 {
 	int rc;
 
-	rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_dentry->d_inode);
+	rc = ecryptfs_read_xattr_region(page_virt, inode);
 	if (rc)
 		goto out;
 	if (!contains_ecryptfs_marker(page_virt	+ ECRYPTFS_FILE_SIZE_BYTES)) {
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
@@ -662,7 +662,7 @@ void ecryptfs_write_crypt_stat_flags(char *page_virt,
 int ecryptfs_read_and_validate_header_region(char *data,
 					     struct inode *ecryptfs_inode);
 int ecryptfs_read_and_validate_xattr_region(char *page_virt,
-					    struct dentry *ecryptfs_dentry);
+					    struct inode *inode);
 u8 ecryptfs_code_for_cipher_string(char *cipher_name, size_t key_bytes);
 int ecryptfs_cipher_code_to_string(char *str, u8 cipher_code);
 void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat);
@@ -753,7 +753,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
 			     struct dentry *lower_dentry,
 			     struct vfsmount *lower_mnt,
 			     const struct cred *cred);
-int ecryptfs_get_lower_file(struct dentry *ecryptfs_dentry);
+int ecryptfs_get_lower_file(struct dentry *dentry, struct inode *inode);
 void ecryptfs_put_lower_file(struct inode *inode);
 int
 ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes,
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
@@ -191,7 +191,7 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
 				      | ECRYPTFS_ENCRYPTED);
 	}
 	mutex_unlock(&crypt_stat->cs_mutex);
-	rc = ecryptfs_get_lower_file(ecryptfs_dentry);
+	rc = ecryptfs_get_lower_file(ecryptfs_dentry, inode);
 	if (rc) {
 		printk(KERN_ERR "%s: Error attempting to initialize "
 			"the lower file for the dentry with name "
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
@@ -259,7 +259,8 @@ static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry)
 				"context; rc = [%d]\n", rc);
 		goto out;
 	}
-	rc = ecryptfs_get_lower_file(ecryptfs_dentry);
+	rc = ecryptfs_get_lower_file(ecryptfs_dentry,
+				     ecryptfs_dentry->d_inode);
 	if (rc) {
 		printk(KERN_ERR "%s: Error attempting to initialize "
 			"the lower file for the dentry with name "
@@ -350,50 +351,51 @@ static int ecryptfs_lookup_interpose(struct dentry *ecryptfs_dentry,
 		       __func__, rc);
 		goto out;
 	}
-	if (inode->i_state & I_NEW)
-		unlock_new_inode(inode);
-	d_add(ecryptfs_dentry, inode);
-	if (S_ISDIR(lower_inode->i_mode))
-		goto out;
-	if (S_ISLNK(lower_inode->i_mode))
-		goto out;
-	if (special_file(lower_inode->i_mode))
+	if (!S_ISREG(inode->i_mode)) {
+		if (inode->i_state & I_NEW)
+			unlock_new_inode(inode);
+		d_add(ecryptfs_dentry, inode);
 		goto out;
+	}
 	/* Released in this function */
 	page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, GFP_USER);
 	if (!page_virt) {
 		printk(KERN_ERR "%s: Cannot kmem_cache_zalloc() a page\n",
 		       __func__);
 		rc = -ENOMEM;
+		make_bad_inode(inode);
 		goto out;
 	}
-	rc = ecryptfs_get_lower_file(ecryptfs_dentry);
+	rc = ecryptfs_get_lower_file(ecryptfs_dentry, inode);
 	if (rc) {
 		printk(KERN_ERR "%s: Error attempting to initialize "
 			"the lower file for the dentry with name "
 			"[%s]; rc = [%d]\n", __func__,
 			ecryptfs_dentry->d_name.name, rc);
+		make_bad_inode(inode);
 		goto out_free_kmem;
 	}
 	put_lower = 1;
-	crypt_stat = &ecryptfs_inode_to_private(
-					ecryptfs_dentry->d_inode)->crypt_stat;
+	crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;
 	/* TODO: lock for crypt_stat comparison */
 	if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))
 			ecryptfs_set_default_sizes(crypt_stat);
-	rc = ecryptfs_read_and_validate_header_region(page_virt,
-						      ecryptfs_dentry->d_inode);
+	rc = ecryptfs_read_and_validate_header_region(page_virt, inode);
 	if (rc) {
 		memset(page_virt, 0, PAGE_CACHE_SIZE);
 		rc = ecryptfs_read_and_validate_xattr_region(page_virt,
-							     ecryptfs_dentry);
+							     inode);
 		if (rc) {
 			rc = 0;
-			goto out_free_kmem;
+			goto unlock_inode;
 		}
 		crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR;
 	}
-	ecryptfs_i_size_init(page_virt, ecryptfs_dentry->d_inode);
+	ecryptfs_i_size_init(page_virt, inode);
+unlock_inode:
+	if (inode->i_state & I_NEW)
+		unlock_new_inode(inode);
+	d_add(ecryptfs_dentry, inode);
 out_free_kmem:
 	kmem_cache_free(ecryptfs_header_cache_2, page_virt);
 	goto out;
@@ -403,7 +405,7 @@ static int ecryptfs_lookup_interpose(struct dentry *ecryptfs_dentry,
 	d_drop(ecryptfs_dentry);
 out:
 	if (put_lower)
-		ecryptfs_put_lower_file(ecryptfs_dentry->d_inode);
+		ecryptfs_put_lower_file(inode);
 	return rc;
 }
 
@@ -843,7 +845,7 @@ static int truncate_upper(struct dentry *dentry, struct iattr *ia,
 		lower_ia->ia_valid &= ~ATTR_SIZE;
 		return 0;
 	}
-	rc = ecryptfs_get_lower_file(dentry);
+	rc = ecryptfs_get_lower_file(dentry, inode);
 	if (rc)
 		return rc;
 	crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;
@@ -999,7 +1001,7 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia)
 
 		mount_crypt_stat = &ecryptfs_superblock_to_private(
 			dentry->d_sb)->mount_crypt_stat;
-		rc = ecryptfs_get_lower_file(dentry);
+		rc = ecryptfs_get_lower_file(dentry, inode);
 		if (rc) {
 			mutex_unlock(&crypt_stat->cs_mutex);
 			goto out;
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
@@ -135,12 +135,12 @@ static int ecryptfs_init_lower_file(struct dentry *dentry,
 	return rc;
 }
 
-int ecryptfs_get_lower_file(struct dentry *dentry)
+int ecryptfs_get_lower_file(struct dentry *dentry, struct inode *inode)
 {
-	struct ecryptfs_inode_info *inode_info =
-		ecryptfs_inode_to_private(dentry->d_inode);
+	struct ecryptfs_inode_info *inode_info;
 	int count, rc = 0;
 
+	inode_info = ecryptfs_inode_to_private(inode);
 	mutex_lock(&inode_info->lower_file_mutex);
 	count = atomic_inc_return(&inode_info->lower_file_count);
 	if (WARN_ON_ONCE(count < 1))

Original file line number	Diff line number	Diff line change
`@@ -1568,11 +1568,11 @@ int ecryptfs_read_xattr_region(char page_virt, struct inode ecryptfs_inode)`
`1568`	`1568`	`}`
`1569`	`1569`
`1570`	`1570`	`int ecryptfs_read_and_validate_xattr_region(char *page_virt,`
`1571`		`- struct dentry *ecryptfs_dentry)`
	`1571`	`+ struct inode *inode)`
`1572`	`1572`	`{`
`1573`	`1573`	`int rc;`
`1574`	`1574`
`1575`		`- rc = ecryptfs_read_xattr_region(page_virt, ecryptfs_dentry->d_inode);`
	`1575`	`+ rc = ecryptfs_read_xattr_region(page_virt, inode);`
`1576`	`1576`	`if (rc)`
`1577`	`1577`	`goto out;`
`1578`	`1578`	`if (!contains_ecryptfs_marker(page_virt + ECRYPTFS_FILE_SIZE_BYTES)) {`
Original file line number	Diff line number	Diff line change
`@@ -191,7 +191,7 @@ static int ecryptfs_open(struct inode inode, struct file file)`
`191`	`191`	`\| ECRYPTFS_ENCRYPTED);`
`192`	`192`	`}`
`193`	`193`	`mutex_unlock(&crypt_stat->cs_mutex);`
`194`		`- rc = ecryptfs_get_lower_file(ecryptfs_dentry);`
	`194`	`+ rc = ecryptfs_get_lower_file(ecryptfs_dentry, inode);`
`195`	`195`	`if (rc) {`
`196`	`196`	`printk(KERN_ERR "%s: Error attempting to initialize "`
`197`	`197`	`"the lower file for the dentry with name "`
Original file line number	Diff line number	Diff line change
`@@ -135,12 +135,12 @@ static int ecryptfs_init_lower_file(struct dentry *dentry,`
`135`	`135`	`return rc;`
`136`	`136`	`}`
`137`	`137`
`138`		`-int ecryptfs_get_lower_file(struct dentry *dentry)`
	`138`	`+int ecryptfs_get_lower_file(struct dentry dentry, struct inode inode)`
`139`	`139`	`{`
`140`		`- struct ecryptfs_inode_info *inode_info =`
`141`		`- ecryptfs_inode_to_private(dentry->d_inode);`
	`140`	`+ struct ecryptfs_inode_info *inode_info;`
`142`	`141`	`int count, rc = 0;`
`143`	`142`
	`143`	`+ inode_info = ecryptfs_inode_to_private(inode);`
`144`	`144`	`mutex_lock(&inode_info->lower_file_mutex);`
`145`	`145`	`count = atomic_inc_return(&inode_info->lower_file_count);`
`146`	`146`	`if (WARN_ON_ONCE(count < 1))`