mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-28 21:33:52 +00:00
ext4: Fix deadlock during directory rename
[ Upstream commit3c92792da8
] As lockdep properly warns, we should not be locking i_rwsem while having transactions started as the proper lock ordering used by all directory handling operations is i_rwsem -> transaction start. Fix the lock ordering by moving the locking of the directory earlier in ext4_rename(). Reported-by: syzbot+9d16c39efb5fade84574@syzkaller.appspotmail.com Fixes:0813299c58
("ext4: Fix possible corruption when moving a directory") Link: https://syzkaller.appspot.com/bug?extid=9d16c39efb5fade84574 Signed-off-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20230301141004.15087-1-jack@suse.cz Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
07b0aba4ad
commit
a2bc806e95
1 changed files with 17 additions and 9 deletions
|
@ -3827,10 +3827,20 @@ static int ext4_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
|
|||
return retval;
|
||||
}
|
||||
|
||||
/*
|
||||
* We need to protect against old.inode directory getting converted
|
||||
* from inline directory format into a normal one.
|
||||
*/
|
||||
if (S_ISDIR(old.inode->i_mode))
|
||||
inode_lock_nested(old.inode, I_MUTEX_NONDIR2);
|
||||
|
||||
old.bh = ext4_find_entry(old.dir, &old.dentry->d_name, &old.de,
|
||||
&old.inlined);
|
||||
if (IS_ERR(old.bh))
|
||||
return PTR_ERR(old.bh);
|
||||
if (IS_ERR(old.bh)) {
|
||||
retval = PTR_ERR(old.bh);
|
||||
goto unlock_moved_dir;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check for inode number is _not_ due to possible IO errors.
|
||||
* We might rmdir the source, keep it as pwd of some process
|
||||
|
@ -3887,11 +3897,6 @@ static int ext4_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
|
|||
if (new.dir != old.dir && EXT4_DIR_LINK_MAX(new.dir))
|
||||
goto end_rename;
|
||||
}
|
||||
/*
|
||||
* We need to protect against old.inode directory getting
|
||||
* converted from inline directory format into a normal one.
|
||||
*/
|
||||
inode_lock_nested(old.inode, I_MUTEX_NONDIR2);
|
||||
retval = ext4_rename_dir_prepare(handle, &old);
|
||||
if (retval) {
|
||||
inode_unlock(old.inode);
|
||||
|
@ -4021,12 +4026,15 @@ static int ext4_rename(struct user_namespace *mnt_userns, struct inode *old_dir,
|
|||
} else {
|
||||
ext4_journal_stop(handle);
|
||||
}
|
||||
if (old.dir_bh)
|
||||
inode_unlock(old.inode);
|
||||
release_bh:
|
||||
brelse(old.dir_bh);
|
||||
brelse(old.bh);
|
||||
brelse(new.bh);
|
||||
|
||||
unlock_moved_dir:
|
||||
if (S_ISDIR(old.inode->i_mode))
|
||||
inode_unlock(old.inode);
|
||||
|
||||
return retval;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue