mirror of
https://github.com/raspberrypi/linux.git
synced 2025-12-06 01:49:46 +00:00
smb: client: introduce close_cached_dir_locked()
commit a9d1f38df7 upstream.
Replace close_cached_dir() calls under cfid_list_lock with a new
close_cached_dir_locked() variant that uses kref_put() instead of
kref_put_lock() to avoid recursive locking when dropping references.
While the existing code works if the refcount >= 2 invariant holds,
this area has proven error-prone. Make deadlocks impossible and WARN
on invariant violations.
Cc: stable@vger.kernel.org
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Henrique Carvalho <henrique.carvalho@suse.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Henrique Carvalho
committed by
Greg Kroah-Hartman
Greg Kroah-Hartman
parent
21879b7683
commit
8d7a5b0e5a
@@ -16,6 +16,7 @@ static struct cached_fid *init_cached_dir(const char *path);
|
||||
static void free_cached_dir(struct cached_fid *cfid);
|
||||
static void smb2_close_cached_fid(struct kref *ref);
|
||||
static void cfids_laundromat_worker(struct work_struct *work);
|
||||
static void close_cached_dir_locked(struct cached_fid *cfid);
|
||||
|
||||
struct cached_dir_dentry {
|
||||
struct list_head entry;
|
||||
@@ -389,7 +390,7 @@ out:
|
||||
* lease. Release one here, and the second below.
|
||||
*/
|
||||
cfid->has_lease = false;
|
||||
close_cached_dir(cfid);
|
||||
close_cached_dir_locked(cfid);
|
||||
}
|
||||
spin_unlock(&cfids->cfid_list_lock);
|
||||
|
||||
@@ -476,18 +477,52 @@ void drop_cached_dir_by_name(const unsigned int xid, struct cifs_tcon *tcon,
|
||||
spin_lock(&cfid->cfids->cfid_list_lock);
|
||||
if (cfid->has_lease) {
|
||||
cfid->has_lease = false;
|
||||
close_cached_dir(cfid);
|
||||
close_cached_dir_locked(cfid);
|
||||
}
|
||||
spin_unlock(&cfid->cfids->cfid_list_lock);
|
||||
close_cached_dir(cfid);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* close_cached_dir - drop a reference of a cached dir
|
||||
*
|
||||
* The release function will be called with cfid_list_lock held to remove the
|
||||
* cached dirs from the list before any other thread can take another @cfid
|
||||
* ref. Must not be called with cfid_list_lock held; use
|
||||
* close_cached_dir_locked() called instead.
|
||||
*
|
||||
* @cfid: cached dir
|
||||
*/
|
||||
void close_cached_dir(struct cached_fid *cfid)
|
||||
{
|
||||
lockdep_assert_not_held(&cfid->cfids->cfid_list_lock);
|
||||
kref_put_lock(&cfid->refcount, smb2_close_cached_fid, &cfid->cfids->cfid_list_lock);
|
||||
}
|
||||
|
||||
/**
|
||||
* close_cached_dir_locked - put a reference of a cached dir with
|
||||
* cfid_list_lock held
|
||||
*
|
||||
* Calling close_cached_dir() with cfid_list_lock held has the potential effect
|
||||
* of causing a deadlock if the invariant of refcount >= 2 is false.
|
||||
*
|
||||
* This function is used in paths that hold cfid_list_lock and expect at least
|
||||
* two references. If that invariant is violated, WARNs and returns without
|
||||
* dropping a reference; the final put must still go through
|
||||
* close_cached_dir().
|
||||
*
|
||||
* @cfid: cached dir
|
||||
*/
|
||||
static void close_cached_dir_locked(struct cached_fid *cfid)
|
||||
{
|
||||
lockdep_assert_held(&cfid->cfids->cfid_list_lock);
|
||||
|
||||
if (WARN_ON(kref_read(&cfid->refcount) < 2))
|
||||
return;
|
||||
|
||||
kref_put(&cfid->refcount, smb2_close_cached_fid);
|
||||
}
|
||||
|
||||
/*
|
||||
* Called from cifs_kill_sb when we unmount a share
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user