    nfsd race fixes: ext2 · 41080b5a
    Al Viro authored
    * make ext2_new_inode() put the inode into icache in locked state
    * do not unlock until the inode is fully set up; otherwise nfsd
    might pick it in half-baked state.
    * make sure that ext2_new_inode() does *not* lead to two inodes with the
    same inumber hashed at the same time; otherwise a bogus fhandle coming
    from nfsd might race with inode creation:
    
    nfsd: iget_locked() creates inode
    nfsd: try to read from disk, block on that.
    ext2_new_inode(): allocate inode with that inumber
    ext2_new_inode(): insert it into icache, set it up and dirty
    ext2_write_inode(): get the relevant part of inode table in cache,
    set the entry for our inode (and start writing to disk)
    nfsd: get CPU again, look into inode table, see nice and sane on-disk
    inode, set the in-core inode from it
    
    oops - we have two in-core inodes with the same inumber live in icache,
    both used for IO.  Welcome to fs corruption...
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
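
The interleaving from the commit message, replayed in a single-threaded user-space C model. This is an added example, not code from the commit or the kernel: every function name, the fixed-size cache and the sample inumber are assumptions, and refusing the insert on a clash is this model's choice.

```c
/* User-space model of an inode cache keyed by inumber; NOT kernel code.
 * All names here are hypothetical; the sample inumber is constructed. */
#include <stdio.h>
#include <string.h>

#define NSLOTS 8
struct inode { unsigned long ino; int hashed; int locked; };
static struct inode icache[NSLOTS];

static int count_hashed(unsigned long ino)
{
    int i, n = 0;
    for (i = 0; i < NSLOTS; i++)
        n += icache[i].hashed && icache[i].ino == ino;
    return n;
}

/* Hash a new in-core inode in locked state (locked = not yet set up). */
static struct inode *hash_locked(unsigned long ino)
{
    int i;
    for (i = 0; i < NSLOTS; i++)
        if (!icache[i].hashed) {
            icache[i] = (struct inode){ .ino = ino, .hashed = 1, .locked = 1 };
            return &icache[i];
        }
    return NULL; /* model cache full */
}

/* Creation path with the uniqueness check: refuse a number already hashed. */
static struct inode *insert_checked(unsigned long ino)
{
    return count_hashed(ino) ? NULL : hash_locked(ino);
}

/* Replay the interleaving; return how many in-core inodes share `ino`. */
static int replay(int checked, unsigned long ino)
{
    struct inode *created;
    memset(icache, 0, sizeof(icache));
    hash_locked(ino);          /* nfsd: lookup miss on bogus fhandle, blocks on disk read */
    created = checked ? insert_checked(ino) : hash_locked(ino); /* allocator reuses number */
    if (created)
        created->locked = 0;   /* creator unlocks only after full setup */
    return count_hashed(ino);  /* nfsd wakes up and fills in its own copy */
}

int main(void)
{
    printf("unchecked insert: %d in-core inodes for inumber 12\n", replay(0, 12));
    printf("checked insert:   %d in-core inode for inumber 12\n", replay(1, 12));
    return 0;
}
```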
namei.c 9.2 KB