linux/fs
Mingming Cao 8a2bfdcbfa [PATCH] ext[34]: EA block reference count racing fix
There are race issues around ext[34] xattr block release code.

ext[34]_xattr_release_block() checks the reference count of the xattr block
(h_refcount) and frees that xattr block if it is the last one referencing it.
Unlike ext2, the check of this counter is unprotected by any lock.
ext[34]_xattr_release_block() will free the mb_cache entry before freeing
that xattr block.  There is a small window between the check for
h_refcount == 1 and the call to mb_cache_entry_free().  During this small
window another inode might find this xattr block from the mbcache and reuse
it, racing a refcount update.  The xattr block will later be freed by the
first inode without noticing that the other inode is still using it.  Later, if
that block is reallocated as a data block for another file, then a more serious
problem might happen.

We need to put a lock around the places checking the refcount as well to avoid
the racing issue.  Another place that needs this kind of protection is in
ext3_xattr_block_set(), where it will modify the xattr block content
on the fly if the refcount is 1 (meaning it's the only inode referencing it).

This will also fix another issue: the xattr block may not get freed at all
if no lock protects the refcount check at release time.  It is
possible that the last two inodes could release the shared xattr block at
the same time.  But both of them think they are not the last one, so they only
decrease the h_refcount without freeing the xattr block at all.

We need to call lock_buffer() after ext3_journal_get_write_access() to
avoid deadlock (because the latter will call lock_buffer()/unlock_buffer()
as well).

Signed-off-by: Mingming Cao <cmm@us.ibm.com>
Cc: Andreas Gruenbacher <agruen@suse.de>
Cc: <linux-ext4@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-01 14:53:38 -08:00
9p 9p: implement optional loose read cache 2007-02-18 10:16:10 -06:00
adfs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
affs [PATCH] affs: implement ->drop_inode 2007-02-20 17:10:15 -08:00
afs [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
autofs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
autofs4 [PATCH] autofs4: check for directory re-create in lookup 2007-02-20 17:10:15 -08:00
befs [PATCH] mark struct inode_operations const 1 2007-02-12 09:48:46 -08:00
bfs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
cifs Merge master.kernel.org:/pub/scm/linux/kernel/git/sfrench/cifs-2.6 2007-02-21 13:02:17 -08:00
coda [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
configfs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
cramfs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
debugfs debugfs: Remove misleading comments. 2007-02-16 15:19:17 -08:00
devpts [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
dlm [PATCH] mark struct file_operations const 6 2007-02-12 09:48:45 -08:00
ecryptfs [PATCH] eCryptfs: no path_release() after path_lookup() error 2007-03-01 14:53:38 -08:00
efs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
exportfs
ext2 [PATCH] ext[234]: update documentation 2007-02-20 17:10:14 -08:00
ext3 [PATCH] ext[34]: EA block reference count racing fix 2007-03-01 14:53:38 -08:00
ext4 [PATCH] ext[34]: EA block reference count racing fix 2007-03-01 14:53:38 -08:00
fat [PATCH] FAT: DIO-write fallback to normal buffered 2007-02-20 17:10:14 -08:00
freevxfs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
fuse [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
gfs2 [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
hfs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
hfsplus [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
hostfs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
hpfs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
hppfs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
hugetlbfs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
isofs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
jbd [PATCH] jbd: wait for already submitted t_sync_datalist buffer to complete 2006-12-22 08:55:51 -08:00
jbd2
jffs2 Merge git://git.infradead.org/mtd-2.6 2007-02-19 13:34:11 -08:00
jfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shaggy/jfs-2.6 2007-02-26 11:44:51 -08:00
lockd Replace remaining references to "driverfs" with "sysfs". 2007-02-17 19:13:42 +01:00
minix [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
msdos [PATCH] mark struct inode_operations const 2 2007-02-12 09:48:46 -08:00
ncpfs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
nfs [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
nfs_common
nfsd [PATCH] Fix a free-wrong-pointer bug in nfs/acl server. 2007-02-19 16:13:28 -08:00
nls
ntfs [PATCH] sysctl: remove the proc_dir_entry member for the sysctl tables 2007-02-14 08:10:00 -08:00
ocfs2 Fix typos concerning hierarchy 2007-02-17 19:23:03 +01:00
openpromfs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
partitions Driver: remove redundant kobject_unregister checks 2007-02-16 15:19:17 -08:00
proc [PATCH] Missing __user in pointer referenced within copy_from_user 2007-02-20 17:10:15 -08:00
qnx4 [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
ramfs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
reiserfs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
romfs [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
smbfs [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
sysfs Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/driver-2.6 2007-02-26 11:41:30 -08:00
sysv [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
udf [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
ufs [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
vfat [PATCH] mark struct inode_operations const 3 2007-02-12 09:48:46 -08:00
xfs [PATCH] xfs warning fix 2007-02-20 17:10:13 -08:00
aio.c [PATCH] Transform kmem_cache_alloc()+memset(0) -> kmem_cache_zalloc(). 2007-02-11 10:51:27 -08:00
attr.c
bad_inode.c [PATCH] mark struct inode_operations const 1 2007-02-12 09:48:46 -08:00
binfmt_aout.c
binfmt_elf_fdpic.c [PATCH] Remove final references to deprecated "MAP_ANON" page protection flag 2007-02-11 10:51:17 -08:00
binfmt_elf.c [PATCH] x86: Don't require the vDSO for handling a.out signals 2007-02-13 13:26:26 +01:00
binfmt_em86.c
binfmt_flat.c [PATCH] uclinux: correctly remap bin_fmtflat exe allocated mem regions 2007-02-09 10:45:33 -08:00
binfmt_misc.c [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
binfmt_script.c
binfmt_som.c
bio.c [PATCH] optimize o_direct on block devices 2006-12-13 09:05:50 -08:00
block_dev.c [PATCH] lockdep: annotate BLKPG_DEL_PARTITION 2007-02-20 17:10:16 -08:00
buffer.c [PATCH] fs: fix nobh data leak 2007-02-20 17:10:15 -08:00
char_dev.c [PATCH] rework reserved major handling 2007-02-20 17:10:13 -08:00
compat_ioctl.c
compat.c
dcache.c Revert "[PATCH] Fix d_path for lazy unmounts" 2007-02-13 12:08:18 -08:00
dcookies.c
direct-io.c
dnotify.c
dquot.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
drop_caches.c [PATCH] remove invalidate_inode_pages() 2007-02-11 10:51:31 -08:00
eventpoll.c
exec.c [PATCH] Transform kmem_cache_alloc()+memset(0) -> kmem_cache_zalloc(). 2007-02-11 10:51:27 -08:00
fcntl.c
fifo.c
file_table.c
file.c [PATCH] fdtable: Provide free_fdtable() wrapper 2006-12-22 08:55:50 -08:00
filesystems.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
fs-writeback.c Write back inode data pages even when the inode itself is locked 2007-01-26 12:53:20 -08:00
generic_acl.c
inode.c [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
inotify_user.c [PATCH] inotify: read return val fix 2007-02-12 09:48:28 -08:00
inotify.c
internal.h
ioctl.c
ioprio.c [PATCH] pid: replace do/while_each_task_pid with do/while_each_pid_task 2007-02-12 09:48:32 -08:00
Kconfig Remove JFFS (version 1), as scheduled. 2007-02-17 16:10:59 -05:00
Kconfig.binfmt
libfs.c [PATCH] fs: fix libfs data leak 2007-02-20 17:10:15 -08:00
locks.c
Makefile Remove JFFS (version 1), as scheduled. 2007-02-17 16:10:59 -05:00
mbcache.c
mpage.c
namei.c [PATCH] __page_symlink retry loop error code fix 2007-02-16 08:13:56 -08:00
namespace.c [PATCH] Transform kmem_cache_alloc()+memset(0) -> kmem_cache_zalloc(). 2007-02-11 10:51:27 -08:00
nfsctl.c
no-block.c
open.c
pipe.c [PATCH] AUDIT_FD_PAIR 2007-02-17 21:30:15 -05:00
pnode.c
pnode.h
posix_acl.c
quota_v1.c
quota_v2.c
quota.c
read_write.c [PATCH] FS: speed up rw_verify_area() 2007-02-12 09:48:29 -08:00
read_write.h
readdir.c
select.c
seq_file.c
splice.c [PATCH] constify pipe_buf_operations 2006-12-13 09:05:47 -08:00
stack.c [PATCH] fs/stack.c: Copy i_nlink after all other attributes are copied 2007-02-19 14:21:50 -08:00
stat.c
super.c [PATCH] Mark struct super_operations const 2007-02-12 09:48:47 -08:00
sync.c
utimes.c
xattr_acl.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
xattr.c