Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp5924964pxv; Wed, 7 Jul 2021 15:13:46 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwvELBl7yFkGJO/4bUKKMsEzYZFylVHW7sxuaD7XiP3pkfUj9C+48ftSafGNClwqLHt4eru X-Received: by 2002:a05:6402:49a:: with SMTP id k26mr33288193edv.279.1625696025853; Wed, 07 Jul 2021 15:13:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1625696025; cv=none; d=google.com; s=arc-20160816; b=QqiGuu6PINg1DU4iFfjjqtd7JmSrFFIxuDOp2xrCl7M/NGHrWyTgGmEt3r+rq6V0Z7 6NE1Z8aosg6GLX5AXtYIFWiXyQK0x/Vo5P/UEjAr9bxKAlkvfZ7fQQbMSHABCKLXuijP /wFD/YI4I3ILJlmOpp4ijjGtLBvssskgKg1k5NvlXVE++Wjr6oPTpa3tBsUQLOgACxyw Fl+S9KNL8KZMjyw/cKvNJGbRH7Kt/jZVm0mDZNxDHmfUusr/1JOofefMp/zPaCr0lQCF bvPqQpli1SPurqvm4myYYMbgwjBhIpGcI78KvzxjrsJHA9/1YeyS3Zl3jHtRGeDQqxAb 0Zsg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:subject:cc:to:from:date :dkim-signature; bh=zBNfbXpBNmhb98xHVWiDj3Sr7g66ZNi5yrexACG3dvg=; b=IV/8dy6tBdw2WYa/Lt+ZLubZaTi0ccRX09VvIM7rmkpNZPUH3uMeFrLh0z2ilAHiCO cXghcW2bOl9U1SkIRs6OdJDDjPDKbHLAMUAAgUUTsbyaSszaSsgQGMkRTjSW2LSmTDos YggcgnKik0FAwPT8+Z71M/gwG0Bz4JmaS8DI147NMP489Vh1RTZZA6QwM4cuIwDA+Xa/ 5l5CCghUPkAzLprFvEWOx4LpEafJs+jnACbVgwV+ifxXMZ/kdFwlsSgvrjmEDcfN0RmH qFB/+i/olbV2CbgtAbVAmq8EHD3XwNN6AEWxlkPHkNPJeTUHHCtsd2PKH79Rhe/LBp3S iCTQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=jCJGhylB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id eb21si302514ejc.42.2021.07.07.15.13.22; Wed, 07 Jul 2021 15:13:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=jCJGhylB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230208AbhGGUv2 (ORCPT + 99 others); Wed, 7 Jul 2021 16:51:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41182 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230127AbhGGUv0 (ORCPT ); Wed, 7 Jul 2021 16:51:26 -0400 Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4B888C06175F for ; Wed, 7 Jul 2021 13:48:45 -0700 (PDT) Received: by mail-qt1-x82c.google.com with SMTP id f12so2099075qtf.5 for ; Wed, 07 Jul 2021 13:48:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:mime-version; bh=zBNfbXpBNmhb98xHVWiDj3Sr7g66ZNi5yrexACG3dvg=; b=jCJGhylBGo9mRXeanuHxRZhhCCj3FSkm/awSCUEKQKqMx9tVfHNnBrsbeHDlwt/nmi E68+XL2JLUjHozPXu3hkUm4K88OTTEtvtr0xDMn7cXcBK8ubwJyUUgN9VaE5kh7FdYi4 nzsGwi8A+4ipjXOujnZToWdksv5Nsji/eT12341ovf7AtqB369rG+kRIrMhAgM1qdaIz vg0bWF4bKZbsGvU5fOgpRcHEnTHA3tvREGHW+Dz04OGfdMD1ty6N7RkiLpP7L6rh9RG0 gUBjj7exxUDQvJpp7TMC65MsqL8IgpxhQK7eLnwshBcl5SdrzMPjPoxyeyvxXbozjTv4 KXlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version; bh=zBNfbXpBNmhb98xHVWiDj3Sr7g66ZNi5yrexACG3dvg=; b=sv47obnm0K3fbXXlJLxs4XucDJM9vOwxmCN8v1Ph7pKNfrOTjKgPJqR7QK6h+93GVx 6wCxmrL3P4ITxGi+phwb/tinhBN+m4WUIjJdmaKeYGuHJeIPH6zQdvkZL24da+5Emf7u qeFIIWLIauWVVcT1nXQnUC9Pq8GAmYzp7bwvbLsw+vxGo28tjXWwAe/JEvTcZfqZBv+g C4tcHq9Mide6r0Eh1+tLw80FoP50Q1z74cL0gfsvGNi+0fLE7PBf4hLgH/II9jwH6nBv hikQ9XnfLPMxRkw4qVNv5HztR9Y++lF3K9GIYpwJVnIWnBPvwnNWAtAc5yubFsRWVpB6 eqfw== X-Gm-Message-State: AOAM5314hd0DdL7lLp+RCZ8aIg6xoXwcw4ia7u33hS7b3cG/zjN8wYFE zhcpgkk4a3xxxz/Tk04uCKiLRQ== X-Received: by 2002:ac8:59d5:: with SMTP id f21mr24231595qtf.126.1625690924098; Wed, 07 Jul 2021 13:48:44 -0700 (PDT) Received: from ripple.attlocal.net (172-10-233-147.lightspeed.sntcca.sbcglobal.net. [172.10.233.147]) by smtp.gmail.com with ESMTPSA id 6sm34991qkn.83.2021.07.07.13.48.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Jul 2021 13:48:43 -0700 (PDT) Date: Wed, 7 Jul 2021 13:48:31 -0700 (PDT) From: Hugh Dickins X-X-Sender: hugh@ripple.anvils To: Andrew Morton cc: Hugh Dickins , Al Viro , Christoph Hellwig , Willy Tarreau , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org Subject: [PATCH] fs, mm: fix race in unlinking swapfile Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We had a recurring situation in which admin procedures setting up swapfiles would race with test preparation clearing away swapfiles; and just occasionally that got stuck on a swapfile "(deleted)" which could never be swapped off. That is not supposed to be possible. 2.6.28 commit f9454548e17c ("don't unlink an active swapfile") admitted that it was leaving a race window open: now close it. may_delete() makes the IS_SWAPFILE check (amongst many others) before inode_lock has been taken on target: now repeat just that simple check in vfs_unlink() and vfs_rename(), after taking inode_lock. Which goes most of the way to fixing the race, but swapon() must also check after it acquires inode_lock, that the file just opened has not already been unlinked. Fixes: f9454548e17c ("don't unlink an active swapfile") Signed-off-by: Hugh Dickins --- fs/namei.c | 8 +++++++- mm/swapfile.c | 6 ++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index bf6d8a738c59..ff866c07f4d2 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -4024,7 +4024,9 @@ int vfs_unlink(struct user_namespace *mnt_userns, struct inode *dir, return -EPERM; inode_lock(target); - if (is_local_mountpoint(dentry)) + if (IS_SWAPFILE(target)) + error = -EPERM; + else if (is_local_mountpoint(dentry)) error = -EBUSY; else { error = security_inode_unlink(dir, dentry); @@ -4526,6 +4528,10 @@ int vfs_rename(struct renamedata *rd) else if (target) inode_lock(target); + error = -EPERM; + if (IS_SWAPFILE(source) || (target && IS_SWAPFILE(target))) + goto out; + error = -EBUSY; if (is_local_mountpoint(old_dentry) || is_local_mountpoint(new_dentry)) goto out; diff --git a/mm/swapfile.c b/mm/swapfile.c index 1e07d1c776f2..7527afd95284 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -3130,6 +3130,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) struct filename *name; struct file *swap_file = NULL; struct address_space *mapping; + struct dentry *dentry; int prio; int error; union swap_header *swap_header; @@ -3173,6 +3174,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) p->swap_file = swap_file; mapping = swap_file->f_mapping; + dentry = swap_file->f_path.dentry; inode = mapping->host; error = claim_swapfile(p, inode); @@ -3180,6 +3182,10 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) goto bad_swap; inode_lock(inode); + if (d_unlinked(dentry) || cant_mount(dentry)) { + error = -ENOENT; + goto bad_swap_unlock_inode; + } if (IS_SWAPFILE(inode)) { error = -EBUSY; goto bad_swap_unlock_inode; -- 2.26.2