Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

VFS: we need to set LOOKUP_JUMPED on mountpoint crossing

Mountpoint crossing is similar to following procfs symlinks - we do
not get ->d_revalidate() called for dentry we have arrived at, with
unpleasant consequences for NFS4.

Simple way to reproduce the problem in mainline:

cat >/tmp/a.c <<'EOF'
#include <unistd.h>
#include <fcntl.h>
#include <stdio.h>
main()
{
struct flock fl = {.l_type = F_RDLCK, .l_whence = SEEK_SET, .l_len = 1};
if (fcntl(0, F_SETLK, &fl))
perror("setlk");
}
EOF
cc /tmp/a.c -o /tmp/test

then on nfs4:

mount --bind file1 file2
/tmp/test < file1 # ok
/tmp/test < file2 # spews "setlk: No locks available"...

What happens is the missing call of ->d_revalidate() after mountpoint
crossing and that's where NFS4 would issue OPEN request to server.

The fix is simple - treat mountpoint crossing the same way we deal with
following procfs-style symlinks. I.e. set LOOKUP_JUMPED...

Cc: stable@kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Authored by Al Viro and committed by Linus Torvalds
a3fbbde7 54a0f913

+15 -1
fs/namei.c
··· 852 852 mntput(path->mnt); 853 853 if (ret == -EISDIR) 854 854 ret = 0; 855 - return ret; 855 + return ret < 0 ? ret : need_mntput; 856 856 } 857 857 858 858 int follow_down_one(struct path *path) ··· 900 900 break; 901 901 path->mnt = mounted; 902 902 path->dentry = mounted->mnt_root; 903 + nd->flags |= LOOKUP_JUMPED; 903 904 nd->seq = read_seqcount_begin(&path->dentry->d_seq); 904 905 /* 905 906 * Update the inode too. We don't need to re-check the ··· 1214 1213 path_put_conditional(path, nd); 1215 1214 return err; 1216 1215 } 1216 + if (err) 1217 + nd->flags |= LOOKUP_JUMPED; 1217 1218 *inode = path->dentry->d_inode; 1218 1219 return 0; 1219 1220 } ··· 2149 2146 } 2150 2147 2151 2148 /* create side of things */ 2149 + /* 2150 + * This will *only* deal with leaving RCU mode - LOOKUP_JUMPED has been 2151 + * cleared when we got to the last component we are about to look up 2152 + */ 2152 2153 error = complete_walk(nd); 2153 2154 if (error) 2154 2155 return ERR_PTR(error); ··· 2221 2214 if (error < 0) 2222 2215 goto exit_dput; 2223 2216 2217 + if (error) 2218 + nd->flags |= LOOKUP_JUMPED; 2219 + 2224 2220 error = -ENOENT; 2225 2221 if (!path->dentry->d_inode) 2226 2222 goto exit_dput; ··· 2233 2223 2234 2224 path_to_nameidata(path, nd); 2235 2225 nd->inode = path->dentry->d_inode; 2226 + /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ 2227 + error = complete_walk(nd); 2228 + if (error) 2229 + goto exit; 2236 2230 error = -EISDIR; 2237 2231 if (S_ISDIR(nd->inode->i_mode)) 2238 2232 goto exit;
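
Review bot: The new return in the first fs/namei.c hunk (`return ret < 0 ? ret : need_mntput;`) gives the function a three-way result (negative errno, 0, or a positive value) with no comment documenting it. The later hunks rely on the positive value to set LOOKUP_JUMPED, yet `need_mntput` is named for reference dropping rather than for "a mountpoint was crossed". Suggest a comment above the function stating what a positive return means, and confirming that any caller not touched by this patch still treats only negative values as errors.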
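
Review bot: In the hunk at line 2221, `if (error) nd->flags |= LOOKUP_JUMPED;` depends on the preceding `if (error < 0) goto exit_dput;` to guarantee the value is positive, and the hunk at line 1214 uses the same bare `if (err)` form after its own error return. Writing `if (error > 0)` and `if (err > 0)` would make the "crossed a mountpoint" case explicit and keep it correct if the checks above are ever reordered.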
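
Review bot: The second `complete_walk(nd)` call in the last hunk exits through `goto exit`, while the checks just before `path_to_nameidata(path, nd)` use `goto exit_dput`, and nothing in the hunk says why the label differs. It looks deliberate, since the path has already been handed over to nd at that point, but the added comment ("Why this, you ask?") explains neither that nor that this call is what provides the revalidation the commit message says was missing. Suggest expanding the comment to state both.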