Commit fe0627e7 authored by Ryusuke Konishi's avatar Ryusuke Konishi Committed by Linus Torvalds

nilfs2: fix timing issue between rmcp and chcp ioctls

The checkpoint deletion ioctl (rmcp ioctl) has potential for breaking
snapshot because it is not fully exclusive with checkpoint mode change
ioctl (chcp ioctl).

The rmcp ioctl first tests if the specified checkpoint is a snapshot or
not within nilfs_cpfile_delete_checkpoint function, and then calls
nilfs_cpfile_delete_checkpoints function to actually invalidate the
checkpoint only if it's not a snapshot.  However, the checkpoint can be
changed into a snapshot by the chcp ioctl between these two operations.
In that case, calling nilfs_cpfile_delete_checkpoints() wrongly
invalidates the snapshot, which leads to snapshot list corruption and
snapshot count mismatch.

This fixes the issue by changing nilfs_cpfile_delete_checkpoints() so
that it reconfirms the target checkpoints are snapshot or not.

This second check is exclusive with the chcp operation since it is
protected by an existing semaphore.
Signed-off-by: default avatarRyusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Cc: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 278038ac
...@@ -286,7 +286,7 @@ int nilfs_cpfile_delete_checkpoints(struct inode *cpfile, ...@@ -286,7 +286,7 @@ int nilfs_cpfile_delete_checkpoints(struct inode *cpfile,
__u64 cno; __u64 cno;
void *kaddr; void *kaddr;
unsigned long tnicps; unsigned long tnicps;
int ret, ncps, nicps, count, i; int ret, ncps, nicps, nss, count, i;
if (unlikely(start == 0 || start > end)) { if (unlikely(start == 0 || start > end)) {
printk(KERN_ERR "%s: invalid range of checkpoint numbers: " printk(KERN_ERR "%s: invalid range of checkpoint numbers: "
...@@ -301,6 +301,7 @@ int nilfs_cpfile_delete_checkpoints(struct inode *cpfile, ...@@ -301,6 +301,7 @@ int nilfs_cpfile_delete_checkpoints(struct inode *cpfile,
if (ret < 0) if (ret < 0)
goto out_sem; goto out_sem;
tnicps = 0; tnicps = 0;
nss = 0;
for (cno = start; cno < end; cno += ncps) { for (cno = start; cno < end; cno += ncps) {
ncps = nilfs_cpfile_checkpoints_in_block(cpfile, cno, end); ncps = nilfs_cpfile_checkpoints_in_block(cpfile, cno, end);
...@@ -318,8 +319,9 @@ int nilfs_cpfile_delete_checkpoints(struct inode *cpfile, ...@@ -318,8 +319,9 @@ int nilfs_cpfile_delete_checkpoints(struct inode *cpfile,
cpfile, cno, cp_bh, kaddr); cpfile, cno, cp_bh, kaddr);
nicps = 0; nicps = 0;
for (i = 0; i < ncps; i++, cp = (void *)cp + cpsz) { for (i = 0; i < ncps; i++, cp = (void *)cp + cpsz) {
WARN_ON(nilfs_checkpoint_snapshot(cp)); if (nilfs_checkpoint_snapshot(cp)) {
if (!nilfs_checkpoint_invalid(cp)) { nss++;
} else if (!nilfs_checkpoint_invalid(cp)) {
nilfs_checkpoint_set_invalid(cp); nilfs_checkpoint_set_invalid(cp);
nicps++; nicps++;
} }
...@@ -364,6 +366,8 @@ int nilfs_cpfile_delete_checkpoints(struct inode *cpfile, ...@@ -364,6 +366,8 @@ int nilfs_cpfile_delete_checkpoints(struct inode *cpfile,
} }
brelse(header_bh); brelse(header_bh);
if (nss > 0)
ret = -EBUSY;
out_sem: out_sem:
up_write(&NILFS_MDT(cpfile)->mi_sem); up_write(&NILFS_MDT(cpfile)->mi_sem);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment