Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp6904775rwb; Wed, 18 Jan 2023 10:48:40 -0800 (PST) X-Google-Smtp-Source: AMrXdXvRBUUI8RjKKoYUTBFwKxmUTZmFUgsBFnbs0ThrvHFGSohX5FTtPbvxd2Bqa8ZmTEI0xQBC X-Received: by 2002:a17:907:c713:b0:78d:f454:ba3d with SMTP id ty19-20020a170907c71300b0078df454ba3dmr4724527ejc.60.1674067720679; Wed, 18 Jan 2023 10:48:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674067720; cv=none; d=google.com; s=arc-20160816; b=JR0TCKVGWe+O9ZZqwioHRLqXZlpNZNYxoqeoh0BFgZ5unqLSODdIn3HKh8+PBD5t2p fH3tdpgmw3rW8UINHGl3JN7RsigU75LA8j7rSD+BKdPQlaZ5JUnCmHzJLTkrJxY48XYL 9fmtvDiSqk+qFR3KqAvPDlmN6Rq/xfSBFQz8ZBOhYZeMvJTPEtxB3cgqWY9Z7tfKM1GO xXtUAthxC+0JfMOBp1FuITzThLwznKUjWCLJPUeCK0/7EU4+InJnZLNXmuD/D0KBusDY HPUb/JC3J3jTNGGSf6ZkSUrCKCGHH/5xhKJOJEwBX0jCWliOChzDLv/dn+XDn/q5hTtx Voqw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature :dkim-signature; bh=TPccA2uuS0AFrMoJ1hmVgCf/qhWS0ww6ghIk/2y8wLY=; b=Sy+RGQkHfEob3BR3PcFtkZTQlSWekp4tXoSD4dEnhQLU2bfEQGCZ19kethVztF9jgH lTYLu//pvwNCROg/zQxaC84eIBsNRLMdxYRZ4DuHcEKSUWaw8ztBCMp8mcoXkfibOXbv 3CvZQXVEHz68eH6dSleSzWMGC/3GXysyj1H9hR7nzgwZGPGEDhCfq0fd55G/Xxl42F9I ul5zSavyjiwH/DsicsgSDfT1ryO0DIka0iPGAWJ/rXvwOeUx0/dq6xPru97DTC0/H8Zx vKlqFX32ISm2cRnxN5iW36vqciAG09M9MyjHDnmZARagIOEqQ733bdMeIYISLLIxwPlw rZKw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b="b/pkxr7D"; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519 header.b=SzeoPBoe; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id rh19-20020a17090720f300b0087138223e06si7475557ejb.903.2023.01.18.10.48.04; Wed, 18 Jan 2023 10:48:40 -0800 (PST) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.cz header.s=susede2_rsa header.b="b/pkxr7D"; dkim=neutral (no key) header.i=@suse.cz header.s=susede2_ed25519 header.b=SzeoPBoe; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229479AbjARSlo (ORCPT + 99 others); Wed, 18 Jan 2023 13:41:44 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59044 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229476AbjARSlo (ORCPT ); Wed, 18 Jan 2023 13:41:44 -0500 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4842C10F0; Wed, 18 Jan 2023 10:41:43 -0800 (PST) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id E665A3F194; Wed, 18 Jan 2023 18:41:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa; t=1674067301; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=TPccA2uuS0AFrMoJ1hmVgCf/qhWS0ww6ghIk/2y8wLY=; b=b/pkxr7DosgKELvvNrVDH0z2KcxsZSjlKVMYlx3CQsQzmNO65aEnMSCaCGXZYLAuufi/oY kXdz5mFM7rFz5DtsNjUEncMrqMiUAZL3Cnvb1q95udiVdULoelZWmoMN3cb5WNAPwNwVLV CKNN1gnxH2y9xNihyDYEID/QuWdPsoI= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_ed25519; t=1674067301; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=TPccA2uuS0AFrMoJ1hmVgCf/qhWS0ww6ghIk/2y8wLY=; b=SzeoPBoe8vwR4dd+NU0w5W/ZPuVM/8pUjYK4lgM5isVBad6ThwD7KYYLaXyQVBA0hFTgUc gowffcp8nqQ1h4AQ== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id D00BE138FE; Wed, 18 Jan 2023 18:41:41 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id tv/AMmU9yGP3bAAAMHmgww (envelope-from ); Wed, 18 Jan 2023 18:41:41 +0000 Received: by quack3.suse.cz (Postfix, from userid 1000) id 34CDFA06B2; Wed, 18 Jan 2023 19:41:41 +0100 (CET) Date: Wed, 18 Jan 2023 19:41:41 +0100 From: Jan Kara To: Al Viro Cc: Jan Kara , linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, Ted Tso , linux-xfs@vger.kernel.org Subject: Re: Locking issue with directory renames Message-ID: <20230118184141.pppaeg7wcj3ierae@quack3> References: <20230117123735.un7wbamlbdihninm@quack3> <20230118091036.qqscls22q6htxscf@quack3> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Wed 18-01-23 16:30:06, Al Viro wrote: > On Wed, Jan 18, 2023 at 10:10:36AM +0100, Jan Kara wrote: > > > > > Yes, we can lock the source inode in ->rename() if we need it. The snag is > > that if 'target' exists, it is already locked so when locking 'source' we > > are possibly not following the VFS lock ordering of i_rwsem by inode > > address (I don't think it can cause any real dealock but still it looks > > suspicious). Also we'll have to lock with I_MUTEX_NONDIR2 lockdep class to > > make lockdep happy but that's just a minor annoyance. Finally, we'll have > > to check for RENAME_EXCHANGE because in that case, both source and target > > will be already locked. Thus if we do the additional locking in the > > filesystem, we will leak quite some details about rename locking into the > > filesystem which seems undesirable to me. > > Rules for inode locks are simple: > * directories before non-directories > * ancestors before descendents > * for non-directories the ordering is by in-core inode address > > So the instances that need that extra lock would do that when source is > a directory and non RENAME_EXCHANGE is given. Having the target already > locked is irrelevant - if it exists, it's already checked to be a directory > as well, and had it been a descendent of source, we would have already > found that and failed with -ELOOP. > > If A and B are both directories, there's no ordering between them unless > one is an ancestor of another - such can be locked in any order. > However, one of the following must be true: > * C is locked and both A and B had been observed to be children of C > after the lock on C had been acquired, or > * ->s_vfs_rename_mutex is held for the filesystem containing both > A and B. > > Note that ->s_vfs_rename_mutex is there to stabilize the tree topology and > make "is A an ancestor of B?" possible to check for more than "A is locked, > B is a child of A, so A will remain its ancestor until unlocked"... OK, fair enough. I'll fix things inside UDF and ext4. Honza -- Jan Kara SUSE Labs, CR