[PATCH 0/2] locks: some small locks.c fixups for v3.16

[PATCH 0/2] locks: some small locks.c fixups for v3.16

[Jeff Layton]

Just a couple of small locks.c fixes. Neither of them are too earth
shattering, but the first fixes a potential regression. I'll let them
sit in linux-next for a few days and then send them on to Linus if there
are no objections.

Jeff Layton (2):
  locks: add missing memory barrier in break_deleg
  locks: set fl_owner for leases back to current->files

 fs/locks.c         | 2 +-
 include/linux/fs.h | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

-- 
1.9.3

[PATCH 1/2] locks: add missing memory barrier in break_deleg

[Jeff Layton]

break_deleg is subject to the same potential race as break_lease. Add
a memory barrier to prevent it.

Signed-off-by: Jeff Layton <jlayton@primarydata.com>
---
 include/linux/fs.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/include/linux/fs.h b/include/linux/fs.h
index c3f46e499dd0..22ae79650b82 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1914,6 +1914,12 @@ static inline int break_lease(struct inode *inode, unsigned int mode)
 
 static inline int break_deleg(struct inode *inode, unsigned int mode)
 {
+	/*
+	 * Since this check is lockless, we must ensure that any refcounts
+	 * taken are done before checking inode->i_flock. Otherwise, we could
+	 * end up racing with tasks trying to set a new lease on this file.
+	 */
+	smp_mb();
 	if (inode->i_flock)
 		return __break_lease(inode, mode, FL_DELEG);
 	return 0;
-- 
1.9.3

[PATCH 2/2] locks: set fl_owner for leases back to current->files

[Jeff Layton]

This fixes a regression due to commit 130d1f956ab3. I had mistakenly
thought that the fl_owner wasn't used in the lease code, but I missed
the place in __break_lease that does use it.

The i_have_this_lease check in generic_add_lease uses it. While I'm not
sure that check is terribly helpful [1], reset it back to using
current->files in order to ensure that there's no behavior change here.

[1]: leases are owned by the file description. It's possible that this
     is a threaded program, and the lease breaker and the task that
     would handle the signal are different, even if they have the same
     file table. So, there is the potential for false positives with
     this check.

Fixes:
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
---
 fs/locks.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/locks.c b/fs/locks.c
index da57c9b7e844..717fbc404e6b 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -431,7 +431,7 @@ static int lease_init(struct file *filp, long type, struct file_lock *fl)
 	if (assign_type(fl, type) != 0)
 		return -EINVAL;
 
-	fl->fl_owner = (fl_owner_t)filp;
+	fl->fl_owner = (fl_owner_t)current->files;
 	fl->fl_pid = current->tgid;
 
 	fl->fl_file = filp;
-- 
1.9.3

Re: [PATCH 1/2] locks: add missing memory barrier in break_deleg

[J. Bruce Fields]

On Tue, Jun 10, 2014 at 04:14:35PM -0400, Jeff Layton wrote:
> break_deleg is subject to the same potential race as break_lease. Add
> a memory barrier to prevent it.

Acked-by: J. Bruce Fields <bfields@redhat.com>

Though we might now just move the comment, smp_mb(), and inode->i_flock
calls into __break_lease?

--b.

> 
> Signed-off-by: Jeff Layton <jlayton@primarydata.com>
> ---
>  include/linux/fs.h | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index c3f46e499dd0..22ae79650b82 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -1914,6 +1914,12 @@ static inline int break_lease(struct inode *inode, unsigned int mode)
>  
>  static inline int break_deleg(struct inode *inode, unsigned int mode)
>  {
> +	/*
> +	 * Since this check is lockless, we must ensure that any refcounts
> +	 * taken are done before checking inode->i_flock. Otherwise, we could
> +	 * end up racing with tasks trying to set a new lease on this file.
> +	 */
> +	smp_mb();
>  	if (inode->i_flock)
>  		return __break_lease(inode, mode, FL_DELEG);
>  	return 0;
> -- 
> 1.9.3
> 

Re: [PATCH 2/2] locks: set fl_owner for leases back to current->files

[J. Bruce Fields]

On Tue, Jun 10, 2014 at 04:14:36PM -0400, Jeff Layton wrote:
> This fixes a regression due to commit 130d1f956ab3. I had mistakenly
> thought that the fl_owner wasn't used in the lease code, but I missed
> the place in __break_lease that does use it.
> 
> The i_have_this_lease check in generic_add_lease uses it. While I'm not
> sure that check is terribly helpful [1], reset it back to using
> current->files in order to ensure that there's no behavior change here.
> 
> [1]: leases are owned by the file description. It's possible that this
>      is a threaded program, and the lease breaker and the task that
>      would handle the signal are different, even if they have the same
>      file table. So, there is the potential for false positives with
>      this check.

ACK to restoring the old behavior, but meanwhile I'm pretty confused by
the old behavior.

> Fixes:

Did you mean to have a 130d1f956ab3 there?

--b.

> Signed-off-by: Jeff Layton <jlayton@primarydata.com>
> ---
>  fs/locks.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/locks.c b/fs/locks.c
> index da57c9b7e844..717fbc404e6b 100644
> --- a/fs/locks.c
> +++ b/fs/locks.c
> @@ -431,7 +431,7 @@ static int lease_init(struct file *filp, long type, struct file_lock *fl)
>  	if (assign_type(fl, type) != 0)
>  		return -EINVAL;
>  
> -	fl->fl_owner = (fl_owner_t)filp;
> +	fl->fl_owner = (fl_owner_t)current->files;
>  	fl->fl_pid = current->tgid;
>  
>  	fl->fl_file = filp;
> -- 
> 1.9.3
> 

Re: [PATCH 2/2] locks: set fl_owner for leases back to current->files

[Jeff Layton]

On Tue, 10 Jun 2014 16:53:43 -0400
"J. Bruce Fields" <bfields@fieldses.org> wrote:

> On Tue, Jun 10, 2014 at 04:14:36PM -0400, Jeff Layton wrote:
> > This fixes a regression due to commit 130d1f956ab3. I had mistakenly
> > thought that the fl_owner wasn't used in the lease code, but I missed
> > the place in __break_lease that does use it.
> > 
> > The i_have_this_lease check in generic_add_lease uses it. While I'm not
> > sure that check is terribly helpful [1], reset it back to using
> > current->files in order to ensure that there's no behavior change here.
> > 
> > [1]: leases are owned by the file description. It's possible that this
> >      is a threaded program, and the lease breaker and the task that
> >      would handle the signal are different, even if they have the same
> >      file table. So, there is the potential for false positives with
> >      this check.
> 
> ACK to restoring the old behavior, but meanwhile I'm pretty confused by
> the old behavior.
> 

Same here. Until we can untangle the history, it's probably best to not
change anything. I suspect that it might be best to just get rid of
that check, but it predates git so it might take some digging to
understand the original rationale.

> > Fixes:
> 
> Did you mean to have a 130d1f956ab3 there?
> 

Yes, thanks. Fixed in my tree...

> --b.
> 
> > Signed-off-by: Jeff Layton <jlayton@primarydata.com>
> > ---
> >  fs/locks.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/fs/locks.c b/fs/locks.c
> > index da57c9b7e844..717fbc404e6b 100644
> > --- a/fs/locks.c
> > +++ b/fs/locks.c
> > @@ -431,7 +431,7 @@ static int lease_init(struct file *filp, long type, struct file_lock *fl)
> >  	if (assign_type(fl, type) != 0)
> >  		return -EINVAL;
> >  
> > -	fl->fl_owner = (fl_owner_t)filp;
> > +	fl->fl_owner = (fl_owner_t)current->files;
> >  	fl->fl_pid = current->tgid;
> >  
> >  	fl->fl_file = filp;
> > -- 
> > 1.9.3
> > 


-- 
Jeff Layton <jlayton@poochiereds.net>

Re: [PATCH 1/2] locks: add missing memory barrier in break_deleg

[Jeff Layton]

On Tue, 10 Jun 2014 16:48:28 -0400
"J. Bruce Fields" <bfields@fieldses.org> wrote:

> On Tue, Jun 10, 2014 at 04:14:35PM -0400, Jeff Layton wrote:
> > break_deleg is subject to the same potential race as break_lease. Add
> > a memory barrier to prevent it.
> 
> Acked-by: J. Bruce Fields <bfields@redhat.com>
> 
> Though we might now just move the comment, smp_mb(), and inode->i_flock
> calls into __break_lease?
> 
> --b.
> 

We certainly could, but it would mean they'd no longer be inlined. I
doubt it'd make much difference, but I'm inclined to leave them as
inlines for now.

> > 
> > Signed-off-by: Jeff Layton <jlayton@primarydata.com>
> > ---
> >  include/linux/fs.h | 6 ++++++
> >  1 file changed, 6 insertions(+)
> > 
> > diff --git a/include/linux/fs.h b/include/linux/fs.h
> > index c3f46e499dd0..22ae79650b82 100644
> > --- a/include/linux/fs.h
> > +++ b/include/linux/fs.h
> > @@ -1914,6 +1914,12 @@ static inline int break_lease(struct inode *inode, unsigned int mode)
> >  
> >  static inline int break_deleg(struct inode *inode, unsigned int mode)
> >  {
> > +	/*
> > +	 * Since this check is lockless, we must ensure that any refcounts
> > +	 * taken are done before checking inode->i_flock. Otherwise, we could
> > +	 * end up racing with tasks trying to set a new lease on this file.
> > +	 */
> > +	smp_mb();
> >  	if (inode->i_flock)
> >  		return __break_lease(inode, mode, FL_DELEG);
> >  	return 0;
> > -- 
> > 1.9.3
> > 


-- 
Jeff Layton <jlayton@poochiereds.net>