From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mx3-rdu2.redhat.com ([66.187.233.73]:35542 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S932361AbeGCWGv (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
        Tue, 3 Jul 2018 18:06:51 -0400
From: David Howells <dhowells@redhat.com>
In-Reply-To: <20180703215825.GX30522@ZenIV.linux.org.uk>
References: <20180703215825.GX30522@ZenIV.linux.org.uk> <20180703183325.GA210265@gmail.com> <152720672288.9073.9868393448836301272.stgit@warthog.procyon.org.uk> <152720678933.9073.11201500538963619904.stgit@warthog.procyon.org.uk> <14124.1530654802@warthog.procyon.org.uk>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: dhowells@redhat.com, Eric Biggers <ebiggers3@gmail.com>,
        linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-afs@lists.infradead.org
Subject: Re: [PATCH 10/32] VFS: Implement a filesystem superblock creation/configuration context [ver #8]
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <19906.1530655609.1@warthog.procyon.org.uk>
Content-Transfer-Encoding: 8BIT
Date: Tue, 03 Jul 2018 23:06:49 +0100
Message-ID: <19907.1530655609@warthog.procyon.org.uk>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

Al Viro <viro@ZenIV.linux.org.uk> wrote:

> IOW, all of those should be unconditional.

Fair point.  How about the attached, then?

David
---
commit 1aa76514c426150af429d111cec256e81729fa6f
Author: David Howells <dhowells@redhat.com>
Date:   Tue Jul 3 22:35:28 2018 +0100

    vfs: Locking fix for sget_fc()
    
    In sget_fc(), don't drop the s_umount lock before calling
    destroy_unused_super() as that will drop the lock.
    
    Fixes: 8a2e54b8af88 ("vfs: Implement a filesystem superblock creation/configuration context")
    Reported-by: Eric Biggers <ebiggers3@gmail.com>
    Signed-off-by: David Howells <dhowells@redhat.com>

diff --git a/fs/super.c b/fs/super.c
index 43400f5fa33a..dccd397751b1 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -516,19 +516,12 @@ struct super_block *sget_fc(struct fs_context *fc,
 				continue;
 			if (fc->user_ns != old->s_user_ns) {
 				spin_unlock(&sb_lock);
-				if (s) {
-					up_write(&s->s_umount);
-					destroy_unused_super(s);
-				}
+				destroy_unused_super(s);
 				return ERR_PTR(-EBUSY);
 			}
 			if (!grab_super(old))
 				goto retry;
-			if (s) {
-				up_write(&s->s_umount);
-				destroy_unused_super(s);
-				s = NULL;
-			}
+			destroy_unused_super(s);
 			return old;
 		}
 	}
@@ -545,7 +538,6 @@ struct super_block *sget_fc(struct fs_context *fc,
 	if (err) {
 		s->s_fs_info = NULL;
 		spin_unlock(&sb_lock);
-		up_write(&s->s_umount);
 		destroy_unused_super(s);
 		return ERR_PTR(err);
 	}