From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mx3-rdu2.redhat.com ([66.187.233.73]:51308 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1752949AbeGCVxY (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
        Tue, 3 Jul 2018 17:53:24 -0400
From: David Howells <dhowells@redhat.com>
In-Reply-To: <20180703183325.GA210265@gmail.com>
References: <20180703183325.GA210265@gmail.com> <152720672288.9073.9868393448836301272.stgit@warthog.procyon.org.uk> <152720678933.9073.11201500538963619904.stgit@warthog.procyon.org.uk>
To: Eric Biggers <ebiggers3@gmail.com>, viro@zeniv.linux.org.uk
Cc: dhowells@redhat.com, linux-fsdevel@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-afs@lists.infradead.org
Subject: Re: [PATCH 10/32] VFS: Implement a filesystem superblock creation/configuration context [ver #8]
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <14123.1530654802.1@warthog.procyon.org.uk>
Content-Transfer-Encoding: 8BIT
Date: Tue, 03 Jul 2018 22:53:22 +0100
Message-ID: <14124.1530654802@warthog.procyon.org.uk>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

Eric Biggers <ebiggers3@gmail.com> wrote:

> ->s_umount is released once here and again in destroy_unused_super().

Good catch, thanks.  The interface has changed over the lifetime of the
patches.  How about the attached patch?

David
---
commit b3899e214a6a0e0551f6dc707b28d61b11e718a5
Author: David Howells <dhowells@redhat.com>
Date:   Tue Jul 3 22:35:28 2018 +0100

    vfs: Locking fix for sget_fc()
    
    In sget_fc(), don't drop the s_umount lock before calling
    destroy_unused_super() as that will drop the lock.
    
    Fixes: 8a2e54b8af88 ("vfs: Implement a filesystem superblock creation/configuration context")
    Reported-by: Eric Biggers <ebiggers3@gmail.com>
    Signed-off-by: David Howells <dhowells@redhat.com>

diff --git a/fs/super.c b/fs/super.c
index 43400f5fa33a..b014cd48a451 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -516,19 +516,14 @@ struct super_block *sget_fc(struct fs_context *fc,
 				continue;
 			if (fc->user_ns != old->s_user_ns) {
 				spin_unlock(&sb_lock);
-				if (s) {
-					up_write(&s->s_umount);
+				if (s)
 					destroy_unused_super(s);
-				}
 				return ERR_PTR(-EBUSY);
 			}
 			if (!grab_super(old))
 				goto retry;
-			if (s) {
-				up_write(&s->s_umount);
+			if (s)
 				destroy_unused_super(s);
-				s = NULL;
-			}
 			return old;
 		}
 	}
@@ -545,7 +540,6 @@ struct super_block *sget_fc(struct fs_context *fc,
 	if (err) {
 		s->s_fs_info = NULL;
 		spin_unlock(&sb_lock);
-		up_write(&s->s_umount);
 		destroy_unused_super(s);
 		return ERR_PTR(err);
 	}