sst-linux/Documentation/filesystems
Al Viro 362be9ec32 rename(): fix the locking of subdirectories
commit 22e111ed6c83dcde3037fc81176012721bc34c0b upstream.

	We should never lock two subdirectories without having taken
->s_vfs_rename_mutex; inode pointer order or not, the "order" proposed
in 28eceeda130f "fs: Lock moved directories" is not transitive, with
the usual consequences.

	The rationale for locking renamed subdirectory in all cases was
the possibility of race between rename modifying .. in a subdirectory to
reflect the new parent and another thread modifying the same subdirectory.
For a lot of filesystems that's not a problem, but for some it can lead
to trouble (e.g. the case when short directory contents is kept in the
inode, but creating a file in it might push it across the size limit
and copy its contents into separate data block(s)).

	However, we need that only in case when the parent does change -
otherwise ->rename() doesn't need to do anything with .. entry in the
first place.  Some instances are lazy and do a tautological update anyway,
but it's really not hard to avoid.

Amended locking rules for rename():
	find the parent(s) of source and target
	if source and target have the same parent
		lock the common parent
	else
		lock ->s_vfs_rename_mutex
		lock both parents, in ancestor-first order; if neither
		is an ancestor of another, lock the parent of source
		first.
	find the source and target.
	if source and target have the same parent
		if operation is an overwriting rename of a subdirectory
			lock the target subdirectory
	else
		if source is a subdirectory
			lock the source
		if target is a subdirectory
			lock the target
	lock non-directories involved, in inode pointer order if both
	source and target are such.

That way we are guaranteed that parents are locked (for obvious reasons),
that any renamed non-directory is locked (nfsd relies upon that),
that any victim is locked (emptiness check needs that, among other things)
and subdirectory that changes parent is locked (needed to protect the update
of .. entries).  We are also guaranteed that any operation locking more
than one directory either takes ->s_vfs_rename_mutex or locks a parent
followed by its child.

Cc: stable@vger.kernel.org
Fixes: 28eceeda130f "fs: Lock moved directories"
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-01-31 16:17:02 -08:00
..
caching
cifs
ext4
nfs
spufs
9p.rst
adfs.rst
affs.rst
afs.rst
api-summary.rst
autofs-mount-control.rst
autofs.rst
automount-support.rst
befs.rst
bfs.rst
btrfs.rst
ceph.rst
coda.rst
configfs.rst
cramfs.rst
dax.rst
debugfs.rst
devpts.rst
directory-locking.rst rename(): fix the locking of subdirectories 2024-01-31 16:17:02 -08:00
dlmfs.rst
dnotify.rst
ecryptfs.rst
efivarfs.rst
erofs.rst
ext2.rst
ext3.rst
f2fs.rst
fiemap.rst
files.rst
fscrypt.rst
fsverity.rst
fuse-io.rst
fuse.rst
gfs2-glocks.rst
gfs2-uevents.rst
gfs2.rst
hfs.rst
hfsplus.rst
hpfs.rst
idmappings.rst
index.rst
inotify.rst
isofs.rst
journalling.rst
locking.rst rename(): fix the locking of subdirectories 2024-01-31 16:17:02 -08:00
locks.rst
mount_api.rst
netfs_library.rst
nilfs2.rst
ntfs3.rst
ntfs.rst
ocfs2-online-filecheck.rst
ocfs2.rst
omfs.rst
orangefs.rst
overlayfs.rst
path-lookup.rst
path-lookup.txt
porting.rst rename(): fix the locking of subdirectories 2024-01-31 16:17:02 -08:00
proc.rst
qnx6.rst
quota.rst
ramfs-rootfs-initramfs.rst
relay.rst
romfs.rst
seq_file.rst
sharedsubtree.rst
splice.rst
squashfs.rst
sysfs.rst
sysv-fs.rst
tmpfs.rst
ubifs-authentication.rst
ubifs.rst
udf.rst
vfat.rst
vfs.rst
virtiofs.rst
xfs-delayed-logging-design.rst
xfs-self-describing-metadata.rst
zonefs.rst