diff --git a/debian/changelog b/debian/changelog index fb7d2b953..e071c6a12 100644 --- a/debian/changelog +++ b/debian/changelog @@ -114,6 +114,11 @@ linux (3.16.7-ckt3-1) UNRELEASED; urgency=medium (Closes: #774155) (CVE-2014-9428) * KEYS: close race between key lookup and freeing (CVE-2014-9529) * isofs: Fix unchecked printing of ER records (CVE-2014-9584) + * vfs: Fix potential deadlock in dcache (CVE-2014-8559) + - move d_rcu from overlapping d_child to overlapping d_alias + - aufs: move d_rcu from overlapping d_child to overlapping d_alias + - vfs: Avoid ABI change for dentry union changes + - deal with deadlock in d_walk() [ Ian Campbell ] * [armhf] Enable support for support OMAP5432 uEVM by enabling: diff --git a/debian/patches/bugfix/all/aufs-move-d_rcu-from-overlapping-d_child-to-overlapping-d.patch b/debian/patches/bugfix/all/aufs-move-d_rcu-from-overlapping-d_child-to-overlapping-d.patch new file mode 100644 index 000000000..9c536893e --- /dev/null +++ b/debian/patches/bugfix/all/aufs-move-d_rcu-from-overlapping-d_child-to-overlapping-d.patch @@ -0,0 +1,71 @@ +From: Ben Hutchings +Date: Mon, 12 Jan 2015 04:12:45 +0000 +Subject: aufs: move d_rcu from overlapping d_child to overlapping d_alias +Forwarded: not-needed + +Apply the renaming from commit 946e51f2bf37f1656916eb75bd0742ba33983c28 +upstream to aufs. + +--- +--- a/fs/aufs/dcsub.c ++++ b/fs/aufs/dcsub.c +@@ -134,7 +134,7 @@ resume: + while (next != &this_parent->d_subdirs) { + struct list_head *tmp = next; + struct dentry *dentry = list_entry(tmp, struct dentry, +- d_u.d_child); ++ d_child); + + next = tmp->next; + spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED); +@@ -170,7 +170,7 @@ resume: + this_parent = tmp; + spin_lock(&this_parent->d_lock); + rcu_read_unlock(); +- next = child->d_u.d_child.next; ++ next = child->d_child.next; + goto resume; + } + +--- a/fs/aufs/debug.c ++++ b/fs/aufs/debug.c +@@ -169,7 +169,7 @@ void au_dpri_dalias(struct inode *inode) + struct dentry *d; + + spin_lock(&inode->i_lock); +- hlist_for_each_entry(d, &inode->i_dentry, d_alias) ++ hlist_for_each_entry(d, &inode->i_dentry, d_u.d_alias) + au_dpri_dentry(d); + spin_unlock(&inode->i_lock); + } +--- a/fs/aufs/export.c ++++ b/fs/aufs/export.c +@@ -243,7 +243,7 @@ static struct dentry *decode_by_ino(stru + dentry = d_find_alias(inode); + else { + spin_lock(&inode->i_lock); +- hlist_for_each_entry(d, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(d, &inode->i_dentry, d_u.d_alias) { + spin_lock(&d->d_lock); + if (!au_test_anon(d) + && d->d_parent->d_inode->i_ino == dir_ino) { +--- a/fs/aufs/hnotify.c ++++ b/fs/aufs/hnotify.c +@@ -211,7 +211,7 @@ static int hn_gen_by_inode(char *name, u + AuDebugOn(!name); + au_iigen_dec(inode); + spin_lock(&inode->i_lock); +- hlist_for_each_entry(d, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(d, &inode->i_dentry, d_u.d_alias) { + spin_lock(&d->d_lock); + dname = &d->d_name; + if (dname->len != nlen +@@ -378,7 +378,7 @@ static struct dentry *lookup_wlock_by_na + + dentry = NULL; + spin_lock(&parent->d_lock); +- list_for_each_entry(d, &parent->d_subdirs, d_u.d_child) { ++ list_for_each_entry(d, &parent->d_subdirs, d_child) { + /* AuDbg("%pd\n", d); */ + spin_lock_nested(&d->d_lock, DENTRY_D_LOCK_NESTED); + dname = &d->d_name; diff --git a/debian/patches/bugfix/all/deal-with-deadlock-in-d_walk.patch b/debian/patches/bugfix/all/deal-with-deadlock-in-d_walk.patch new file mode 100644 index 000000000..87c868341 --- /dev/null +++ b/debian/patches/bugfix/all/deal-with-deadlock-in-d_walk.patch @@ -0,0 +1,82 @@ +From: Al Viro +Date: Sun, 26 Oct 2014 19:31:10 -0400 +Subject: deal with deadlock in d_walk() +Origin: https://git.kernel.org/linus/ca5358ef75fc69fee5322a38a340f5739d997c10 + +... by not hitting rename_retry for reasons other than rename having +happened. In other words, do _not_ restart when finding that +between unlocking the child and locking the parent the former got +into __dentry_kill(). Skip the killed siblings instead... + +Signed-off-by: Al Viro +--- + fs/dcache.c | 31 ++++++++++++++++--------------- + 1 file changed, 16 insertions(+), 15 deletions(-) + +--- a/fs/dcache.c ++++ b/fs/dcache.c +@@ -484,7 +484,7 @@ static void __dentry_kill(struct dentry + } + /* if it was on the hash then remove it */ + __d_drop(dentry); +- list_del(&dentry->d_child); ++ __list_del_entry(&dentry->d_child); + /* + * Inform d_walk() that we are no longer attached to the + * dentry tree +@@ -1138,33 +1138,31 @@ resume: + /* + * All done at this level ... ascend and resume the search. + */ ++ rcu_read_lock(); ++ascend: + if (this_parent != parent) { + struct dentry *child = this_parent; + this_parent = child->d_parent; + +- rcu_read_lock(); + spin_unlock(&child->d_lock); + spin_lock(&this_parent->d_lock); + +- /* +- * might go back up the wrong parent if we have had a rename +- * or deletion +- */ +- if (this_parent != child->d_parent || +- (child->d_flags & DCACHE_DENTRY_KILLED) || +- need_seqretry(&rename_lock, seq)) { +- spin_unlock(&this_parent->d_lock); +- rcu_read_unlock(); ++ /* might go back up the wrong parent if we have had a rename. */ ++ if (need_seqretry(&rename_lock, seq)) + goto rename_retry; ++ next = child->d_child.next; ++ while (unlikely(child->d_flags & DCACHE_DENTRY_KILLED)) { ++ if (next == &this_parent->d_subdirs) ++ goto ascend; ++ child = list_entry(next, struct dentry, d_child); ++ next = next->next; + } + rcu_read_unlock(); +- next = child->d_child.next; + goto resume; + } +- if (need_seqretry(&rename_lock, seq)) { +- spin_unlock(&this_parent->d_lock); ++ if (need_seqretry(&rename_lock, seq)) + goto rename_retry; +- } ++ rcu_read_unlock(); + if (finish) + finish(data); + +@@ -1174,6 +1172,9 @@ out_unlock: + return; + + rename_retry: ++ spin_unlock(&this_parent->d_lock); ++ rcu_read_unlock(); ++ BUG_ON(seq & 1); + if (!retry) + return; + seq = 1; diff --git a/debian/patches/bugfix/all/move-d_rcu-from-overlapping-d_child-to-overlapping-d.patch b/debian/patches/bugfix/all/move-d_rcu-from-overlapping-d_child-to-overlapping-d.patch new file mode 100644 index 000000000..f5957410e --- /dev/null +++ b/debian/patches/bugfix/all/move-d_rcu-from-overlapping-d_child-to-overlapping-d.patch @@ -0,0 +1,714 @@ +From: Al Viro +Date: Sun, 26 Oct 2014 19:19:16 -0400 +Subject: move d_rcu from overlapping d_child to overlapping d_alias +Origin: https://git.kernel.org/linus/946e51f2bf37f1656916eb75bd0742ba33983c28 + +Signed-off-by: Al Viro +[bwh: Backported to 3.16: + - Apply name changes in all the different places we use d_alias and d_child + - Adjust context] +--- + arch/powerpc/platforms/cell/spufs/inode.c | 2 +- + drivers/staging/lustre/lustre/llite/dcache.c | 2 +- + drivers/staging/lustre/lustre/llite/llite_lib.c | 2 +- + drivers/staging/lustre/lustre/llite/namei.c | 8 ++-- + fs/affs/amigaffs.c | 2 +- + fs/autofs4/expire.c | 12 +++--- + fs/autofs4/root.c | 2 +- + fs/ceph/dir.c | 8 ++-- + fs/ceph/inode.c | 2 +- + fs/cifs/inode.c | 2 +- + fs/coda/cache.c | 2 +- + fs/dcache.c | 53 ++++++++++++------------- + fs/debugfs/inode.c | 2 +- + fs/exportfs/expfs.c | 2 +- + fs/libfs.c | 12 +++--- + fs/ncpfs/dir.c | 2 +- + fs/ncpfs/ncplib_kernel.h | 4 +- + fs/nfs/getroot.c | 2 +- + fs/notify/fsnotify.c | 4 +- + fs/ocfs2/dcache.c | 2 +- + include/linux/dcache.h | 8 ++-- + kernel/trace/trace.c | 4 +- + kernel/trace/trace_events.c | 2 +- + security/selinux/selinuxfs.c | 6 +-- + 24 files changed, 73 insertions(+), 74 deletions(-) + +--- a/arch/powerpc/platforms/cell/spufs/inode.c ++++ b/arch/powerpc/platforms/cell/spufs/inode.c +@@ -164,7 +164,7 @@ static void spufs_prune_dir(struct dentr + struct dentry *dentry, *tmp; + + mutex_lock(&dir->d_inode->i_mutex); +- list_for_each_entry_safe(dentry, tmp, &dir->d_subdirs, d_u.d_child) { ++ list_for_each_entry_safe(dentry, tmp, &dir->d_subdirs, d_child) { + spin_lock(&dentry->d_lock); + if (!(d_unhashed(dentry)) && dentry->d_inode) { + dget_dlock(dentry); +--- a/drivers/staging/lustre/lustre/llite/dcache.c ++++ b/drivers/staging/lustre/lustre/llite/dcache.c +@@ -258,7 +258,7 @@ void ll_invalidate_aliases(struct inode + inode->i_ino, inode->i_generation, inode); + + ll_lock_dcache(inode); +- ll_d_hlist_for_each_entry(dentry, p, &inode->i_dentry, d_alias) { ++ ll_d_hlist_for_each_entry(dentry, p, &inode->i_dentry, d_u.d_alias) { + CDEBUG(D_DENTRY, "dentry in drop %.*s (%p) parent %p " + "inode %p flags %d\n", dentry->d_name.len, + dentry->d_name.name, dentry, dentry->d_parent, +--- a/drivers/staging/lustre/lustre/llite/llite_lib.c ++++ b/drivers/staging/lustre/lustre/llite/llite_lib.c +@@ -704,7 +704,7 @@ void lustre_dump_dentry(struct dentry *d + return; + + list_for_each(tmp, &dentry->d_subdirs) { +- struct dentry *d = list_entry(tmp, struct dentry, d_u.d_child); ++ struct dentry *d = list_entry(tmp, struct dentry, d_child); + lustre_dump_dentry(d, recur - 1); + } + } +--- a/drivers/staging/lustre/lustre/llite/namei.c ++++ b/drivers/staging/lustre/lustre/llite/namei.c +@@ -167,14 +167,14 @@ static void ll_invalidate_negative_child + struct ll_d_hlist_node *p; + + ll_lock_dcache(dir); +- ll_d_hlist_for_each_entry(dentry, p, &dir->i_dentry, d_alias) { ++ ll_d_hlist_for_each_entry(dentry, p, &dir->i_dentry, d_u.d_alias) { + spin_lock(&dentry->d_lock); + if (!list_empty(&dentry->d_subdirs)) { + struct dentry *child; + + list_for_each_entry_safe(child, tmp_subdir, + &dentry->d_subdirs, +- d_u.d_child) { ++ d_child) { + if (child->d_inode == NULL) + d_lustre_invalidate(child, 1); + } +@@ -362,7 +362,7 @@ static struct dentry *ll_find_alias(stru + discon_alias = invalid_alias = NULL; + + ll_lock_dcache(inode); +- ll_d_hlist_for_each_entry(alias, p, &inode->i_dentry, d_alias) { ++ ll_d_hlist_for_each_entry(alias, p, &inode->i_dentry, d_u.d_alias) { + LASSERT(alias != dentry); + + spin_lock(&alias->d_lock); +@@ -943,7 +943,7 @@ static void ll_get_child_fid(struct inod + { + struct dentry *parent, *child; + +- parent = ll_d_hlist_entry(dir->i_dentry, struct dentry, d_alias); ++ parent = ll_d_hlist_entry(dir->i_dentry, struct dentry, d_u.d_alias); + child = d_lookup(parent, name); + if (child) { + if (child->d_inode) +--- a/fs/affs/amigaffs.c ++++ b/fs/affs/amigaffs.c +@@ -127,7 +127,7 @@ affs_fix_dcache(struct inode *inode, u32 + { + struct dentry *dentry; + spin_lock(&inode->i_lock); +- hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) { + if (entry_ino == (u32)(long)dentry->d_fsdata) { + dentry->d_fsdata = (void *)inode->i_ino; + break; +--- a/fs/autofs4/expire.c ++++ b/fs/autofs4/expire.c +@@ -91,7 +91,7 @@ static struct dentry *get_next_positive_ + spin_lock(&root->d_lock); + + if (prev) +- next = prev->d_u.d_child.next; ++ next = prev->d_child.next; + else { + prev = dget_dlock(root); + next = prev->d_subdirs.next; +@@ -105,13 +105,13 @@ cont: + return NULL; + } + +- q = list_entry(next, struct dentry, d_u.d_child); ++ q = list_entry(next, struct dentry, d_child); + + spin_lock_nested(&q->d_lock, DENTRY_D_LOCK_NESTED); + /* Already gone or negative dentry (under construction) - try next */ + if (!d_count(q) || !simple_positive(q)) { + spin_unlock(&q->d_lock); +- next = q->d_u.d_child.next; ++ next = q->d_child.next; + goto cont; + } + dget_dlock(q); +@@ -161,13 +161,13 @@ again: + goto relock; + } + spin_unlock(&p->d_lock); +- next = p->d_u.d_child.next; ++ next = p->d_child.next; + p = parent; + if (next != &parent->d_subdirs) + break; + } + } +- ret = list_entry(next, struct dentry, d_u.d_child); ++ ret = list_entry(next, struct dentry, d_child); + + spin_lock_nested(&ret->d_lock, DENTRY_D_LOCK_NESTED); + /* Negative dentry - try next */ +@@ -461,7 +461,7 @@ found: + spin_lock(&sbi->lookup_lock); + spin_lock(&expired->d_parent->d_lock); + spin_lock_nested(&expired->d_lock, DENTRY_D_LOCK_NESTED); +- list_move(&expired->d_parent->d_subdirs, &expired->d_u.d_child); ++ list_move(&expired->d_parent->d_subdirs, &expired->d_child); + spin_unlock(&expired->d_lock); + spin_unlock(&expired->d_parent->d_lock); + spin_unlock(&sbi->lookup_lock); +--- a/fs/autofs4/root.c ++++ b/fs/autofs4/root.c +@@ -655,7 +655,7 @@ static void autofs_clear_leaf_automount_ + /* only consider parents below dentrys in the root */ + if (IS_ROOT(parent->d_parent)) + return; +- d_child = &dentry->d_u.d_child; ++ d_child = &dentry->d_child; + /* Set parent managed if it's becoming empty */ + if (d_child->next == &parent->d_subdirs && + d_child->prev == &parent->d_subdirs) +--- a/fs/ceph/dir.c ++++ b/fs/ceph/dir.c +@@ -111,7 +111,7 @@ static int fpos_cmp(loff_t l, loff_t r) + /* + * When possible, we try to satisfy a readdir by peeking at the + * dcache. We make this work by carefully ordering dentries on +- * d_u.d_child when we initially get results back from the MDS, and ++ * d_child when we initially get results back from the MDS, and + * falling back to a "normal" sync readdir if any dentries in the dir + * are dropped. + * +@@ -147,11 +147,11 @@ static int __dcache_readdir(struct file + p = parent->d_subdirs.prev; + dout(" initial p %p/%p\n", p->prev, p->next); + } else { +- p = last->d_u.d_child.prev; ++ p = last->d_child.prev; + } + + more: +- dentry = list_entry(p, struct dentry, d_u.d_child); ++ dentry = list_entry(p, struct dentry, d_child); + di = ceph_dentry(dentry); + while (1) { + dout(" p %p/%p %s d_subdirs %p/%p\n", p->prev, p->next, +@@ -174,7 +174,7 @@ more: + !dentry->d_inode ? " null" : ""); + spin_unlock(&dentry->d_lock); + p = p->prev; +- dentry = list_entry(p, struct dentry, d_u.d_child); ++ dentry = list_entry(p, struct dentry, d_child); + di = ceph_dentry(dentry); + } + +--- a/fs/ceph/inode.c ++++ b/fs/ceph/inode.c +@@ -1399,7 +1399,7 @@ retry_lookup: + /* reorder parent's d_subdirs */ + spin_lock(&parent->d_lock); + spin_lock_nested(&dn->d_lock, DENTRY_D_LOCK_NESTED); +- list_move(&dn->d_u.d_child, &parent->d_subdirs); ++ list_move(&dn->d_child, &parent->d_subdirs); + spin_unlock(&dn->d_lock); + spin_unlock(&parent->d_lock); + } +--- a/fs/cifs/inode.c ++++ b/fs/cifs/inode.c +@@ -887,7 +887,7 @@ inode_has_hashed_dentries(struct inode * + struct dentry *dentry; + + spin_lock(&inode->i_lock); +- hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) { + if (!d_unhashed(dentry) || IS_ROOT(dentry)) { + spin_unlock(&inode->i_lock); + return true; +--- a/fs/coda/cache.c ++++ b/fs/coda/cache.c +@@ -92,7 +92,7 @@ static void coda_flag_children(struct de + struct dentry *de; + + spin_lock(&parent->d_lock); +- list_for_each_entry(de, &parent->d_subdirs, d_u.d_child) { ++ list_for_each_entry(de, &parent->d_subdirs, d_child) { + /* don't know what to do with negative dentries */ + if (de->d_inode ) + coda_flag_inode(de->d_inode, flag); +--- a/fs/dcache.c ++++ b/fs/dcache.c +@@ -44,7 +44,7 @@ + /* + * Usage: + * dcache->d_inode->i_lock protects: +- * - i_dentry, d_alias, d_inode of aliases ++ * - i_dentry, d_u.d_alias, d_inode of aliases + * dcache_hash_bucket lock protects: + * - the dcache hash table + * s_anon bl list spinlock protects: +@@ -59,7 +59,7 @@ + * - d_unhashed() + * - d_parent and d_subdirs + * - childrens' d_child and d_parent +- * - d_alias, d_inode ++ * - d_u.d_alias, d_inode + * + * Ordering: + * dentry->d_inode->i_lock +@@ -239,7 +239,6 @@ static void __d_free(struct rcu_head *he + { + struct dentry *dentry = container_of(head, struct dentry, d_u.d_rcu); + +- WARN_ON(!hlist_unhashed(&dentry->d_alias)); + if (dname_external(dentry)) + kfree(dentry->d_name.name); + kmem_cache_free(dentry_cache, dentry); +@@ -247,6 +246,8 @@ static void __d_free(struct rcu_head *he + + static void dentry_free(struct dentry *dentry) + { ++ WARN_ON(!hlist_unhashed(&dentry->d_u.d_alias)); ++ + /* if dentry was never visible to RCU, immediate free is OK */ + if (!(dentry->d_flags & DCACHE_RCUACCESS)) + __d_free(&dentry->d_u.d_rcu); +@@ -280,7 +281,7 @@ static void dentry_iput(struct dentry * + struct inode *inode = dentry->d_inode; + if (inode) { + dentry->d_inode = NULL; +- hlist_del_init(&dentry->d_alias); ++ hlist_del_init(&dentry->d_u.d_alias); + spin_unlock(&dentry->d_lock); + spin_unlock(&inode->i_lock); + if (!inode->i_nlink) +@@ -305,7 +306,7 @@ static void dentry_unlink_inode(struct d + struct inode *inode = dentry->d_inode; + __d_clear_type(dentry); + dentry->d_inode = NULL; +- hlist_del_init(&dentry->d_alias); ++ hlist_del_init(&dentry->d_u.d_alias); + dentry_rcuwalk_barrier(dentry); + spin_unlock(&dentry->d_lock); + spin_unlock(&inode->i_lock); +@@ -465,7 +466,7 @@ static void __dentry_kill(struct dentry + } + /* if it was on the hash then remove it */ + __d_drop(dentry); +- list_del(&dentry->d_u.d_child); ++ list_del(&dentry->d_child); + /* + * Inform d_walk() that we are no longer attached to the + * dentry tree +@@ -749,7 +750,7 @@ static struct dentry *__d_find_alias(str + + again: + discon_alias = NULL; +- hlist_for_each_entry(alias, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(alias, &inode->i_dentry, d_u.d_alias) { + spin_lock(&alias->d_lock); + if (S_ISDIR(inode->i_mode) || !d_unhashed(alias)) { + if (IS_ROOT(alias) && +@@ -802,7 +803,7 @@ void d_prune_aliases(struct inode *inode + struct dentry *dentry; + restart: + spin_lock(&inode->i_lock); +- hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) { + spin_lock(&dentry->d_lock); + if (!dentry->d_lockref.count) { + /* +@@ -1087,7 +1088,7 @@ repeat: + resume: + while (next != &this_parent->d_subdirs) { + struct list_head *tmp = next; +- struct dentry *dentry = list_entry(tmp, struct dentry, d_u.d_child); ++ struct dentry *dentry = list_entry(tmp, struct dentry, d_child); + next = tmp->next; + + spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED); +@@ -1139,7 +1140,7 @@ resume: + goto rename_retry; + } + rcu_read_unlock(); +- next = child->d_u.d_child.next; ++ next = child->d_child.next; + goto resume; + } + if (need_seqretry(&rename_lock, seq)) { +@@ -1474,8 +1475,8 @@ struct dentry *__d_alloc(struct super_bl + INIT_HLIST_BL_NODE(&dentry->d_hash); + INIT_LIST_HEAD(&dentry->d_lru); + INIT_LIST_HEAD(&dentry->d_subdirs); +- INIT_HLIST_NODE(&dentry->d_alias); +- INIT_LIST_HEAD(&dentry->d_u.d_child); ++ INIT_HLIST_NODE(&dentry->d_u.d_alias); ++ INIT_LIST_HEAD(&dentry->d_child); + d_set_d_op(dentry, dentry->d_sb->s_d_op); + + this_cpu_inc(nr_dentry); +@@ -1505,7 +1506,7 @@ struct dentry *d_alloc(struct dentry * p + */ + __dget_dlock(parent); + dentry->d_parent = parent; +- list_add(&dentry->d_u.d_child, &parent->d_subdirs); ++ list_add(&dentry->d_child, &parent->d_subdirs); + spin_unlock(&parent->d_lock); + + return dentry; +@@ -1598,7 +1599,7 @@ static void __d_instantiate(struct dentr + spin_lock(&dentry->d_lock); + __d_set_type(dentry, add_flags); + if (inode) +- hlist_add_head(&dentry->d_alias, &inode->i_dentry); ++ hlist_add_head(&dentry->d_u.d_alias, &inode->i_dentry); + dentry->d_inode = inode; + dentry_rcuwalk_barrier(dentry); + spin_unlock(&dentry->d_lock); +@@ -1622,7 +1623,7 @@ static void __d_instantiate(struct dentr + + void d_instantiate(struct dentry *entry, struct inode * inode) + { +- BUG_ON(!hlist_unhashed(&entry->d_alias)); ++ BUG_ON(!hlist_unhashed(&entry->d_u.d_alias)); + if (inode) + spin_lock(&inode->i_lock); + __d_instantiate(entry, inode); +@@ -1661,7 +1662,7 @@ static struct dentry *__d_instantiate_un + return NULL; + } + +- hlist_for_each_entry(alias, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(alias, &inode->i_dentry, d_u.d_alias) { + /* + * Don't need alias->d_lock here, because aliases with + * d_parent == entry->d_parent are not subject to name or +@@ -1687,7 +1688,7 @@ struct dentry *d_instantiate_unique(stru + { + struct dentry *result; + +- BUG_ON(!hlist_unhashed(&entry->d_alias)); ++ BUG_ON(!hlist_unhashed(&entry->d_u.d_alias)); + + if (inode) + spin_lock(&inode->i_lock); +@@ -1718,7 +1719,7 @@ EXPORT_SYMBOL(d_instantiate_unique); + */ + int d_instantiate_no_diralias(struct dentry *entry, struct inode *inode) + { +- BUG_ON(!hlist_unhashed(&entry->d_alias)); ++ BUG_ON(!hlist_unhashed(&entry->d_u.d_alias)); + + spin_lock(&inode->i_lock); + if (S_ISDIR(inode->i_mode) && !hlist_empty(&inode->i_dentry)) { +@@ -1757,7 +1758,7 @@ static struct dentry * __d_find_any_alia + + if (hlist_empty(&inode->i_dentry)) + return NULL; +- alias = hlist_entry(inode->i_dentry.first, struct dentry, d_alias); ++ alias = hlist_entry(inode->i_dentry.first, struct dentry, d_u.d_alias); + __dget(alias); + return alias; + } +@@ -1834,7 +1835,7 @@ struct dentry *d_obtain_alias(struct ino + spin_lock(&tmp->d_lock); + tmp->d_inode = inode; + tmp->d_flags |= add_flags; +- hlist_add_head(&tmp->d_alias, &inode->i_dentry); ++ hlist_add_head(&tmp->d_u.d_alias, &inode->i_dentry); + hlist_bl_lock(&tmp->d_sb->s_anon); + hlist_bl_add_head(&tmp->d_hash, &tmp->d_sb->s_anon); + hlist_bl_unlock(&tmp->d_sb->s_anon); +@@ -2277,7 +2278,7 @@ int d_validate(struct dentry *dentry, st + struct dentry *child; + + spin_lock(&dparent->d_lock); +- list_for_each_entry(child, &dparent->d_subdirs, d_u.d_child) { ++ list_for_each_entry(child, &dparent->d_subdirs, d_child) { + if (dentry == child) { + spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED); + __dget_dlock(dentry); +@@ -2545,8 +2546,8 @@ static void __d_move(struct dentry *dent + d_hash(dentry->d_parent, dentry->d_name.hash)); + } + +- list_del(&dentry->d_u.d_child); +- list_del(&target->d_u.d_child); ++ list_del(&dentry->d_child); ++ list_del(&target->d_child); + + /* Switch the names.. */ + switch_names(dentry, target, exchange); +@@ -2555,15 +2556,15 @@ static void __d_move(struct dentry *dent + if (IS_ROOT(dentry)) { + dentry->d_parent = target->d_parent; + target->d_parent = target; +- INIT_LIST_HEAD(&target->d_u.d_child); ++ INIT_LIST_HEAD(&target->d_child); + } else { + swap(dentry->d_parent, target->d_parent); + + /* And add them back to the (new) parent lists */ +- list_add(&target->d_u.d_child, &target->d_parent->d_subdirs); ++ list_add(&target->d_child, &target->d_parent->d_subdirs); + } + +- list_add(&dentry->d_u.d_child, &dentry->d_parent->d_subdirs); ++ list_add(&dentry->d_child, &dentry->d_parent->d_subdirs); + + write_seqcount_end(&target->d_seq); + write_seqcount_end(&dentry->d_seq); +@@ -2690,9 +2691,9 @@ static void __d_materialise_dentry(struc + switch_names(dentry, anon, false); + + dentry->d_parent = dentry; +- list_del_init(&dentry->d_u.d_child); ++ list_del_init(&dentry->d_child); + anon->d_parent = dparent; +- list_move(&anon->d_u.d_child, &dparent->d_subdirs); ++ list_move(&anon->d_child, &dparent->d_subdirs); + + write_seqcount_end(&dentry->d_seq); + write_seqcount_end(&anon->d_seq); +@@ -3324,7 +3325,7 @@ void d_tmpfile(struct dentry *dentry, st + { + inode_dec_link_count(inode); + BUG_ON(dentry->d_name.name != dentry->d_iname || +- !hlist_unhashed(&dentry->d_alias) || ++ !hlist_unhashed(&dentry->d_u.d_alias) || + !d_unlinked(dentry)); + spin_lock(&dentry->d_parent->d_lock); + spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED); +--- a/fs/debugfs/inode.c ++++ b/fs/debugfs/inode.c +@@ -553,7 +553,7 @@ void debugfs_remove_recursive(struct den + * use the d_u.d_child as the rcu head and corrupt this list. + */ + spin_lock(&parent->d_lock); +- list_for_each_entry(child, &parent->d_subdirs, d_u.d_child) { ++ list_for_each_entry(child, &parent->d_subdirs, d_child) { + if (!debugfs_positive(child)) + continue; + +--- a/fs/exportfs/expfs.c ++++ b/fs/exportfs/expfs.c +@@ -50,7 +50,7 @@ find_acceptable_alias(struct dentry *res + + inode = result->d_inode; + spin_lock(&inode->i_lock); +- hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) { + dget(dentry); + spin_unlock(&inode->i_lock); + if (toput) +--- a/fs/libfs.c ++++ b/fs/libfs.c +@@ -114,18 +114,18 @@ loff_t dcache_dir_lseek(struct file *fil + + spin_lock(&dentry->d_lock); + /* d_lock not required for cursor */ +- list_del(&cursor->d_u.d_child); ++ list_del(&cursor->d_child); + p = dentry->d_subdirs.next; + while (n && p != &dentry->d_subdirs) { + struct dentry *next; +- next = list_entry(p, struct dentry, d_u.d_child); ++ next = list_entry(p, struct dentry, d_child); + spin_lock_nested(&next->d_lock, DENTRY_D_LOCK_NESTED); + if (simple_positive(next)) + n--; + spin_unlock(&next->d_lock); + p = p->next; + } +- list_add_tail(&cursor->d_u.d_child, p); ++ list_add_tail(&cursor->d_child, p); + spin_unlock(&dentry->d_lock); + } + } +@@ -150,7 +150,7 @@ int dcache_readdir(struct file *file, st + { + struct dentry *dentry = file->f_path.dentry; + struct dentry *cursor = file->private_data; +- struct list_head *p, *q = &cursor->d_u.d_child; ++ struct list_head *p, *q = &cursor->d_child; + + if (!dir_emit_dots(file, ctx)) + return 0; +@@ -159,7 +159,7 @@ int dcache_readdir(struct file *file, st + list_move(q, &dentry->d_subdirs); + + for (p = q->next; p != &dentry->d_subdirs; p = p->next) { +- struct dentry *next = list_entry(p, struct dentry, d_u.d_child); ++ struct dentry *next = list_entry(p, struct dentry, d_child); + spin_lock_nested(&next->d_lock, DENTRY_D_LOCK_NESTED); + if (!simple_positive(next)) { + spin_unlock(&next->d_lock); +@@ -287,7 +287,7 @@ int simple_empty(struct dentry *dentry) + int ret = 0; + + spin_lock(&dentry->d_lock); +- list_for_each_entry(child, &dentry->d_subdirs, d_u.d_child) { ++ list_for_each_entry(child, &dentry->d_subdirs, d_child) { + spin_lock_nested(&child->d_lock, DENTRY_D_LOCK_NESTED); + if (simple_positive(child)) { + spin_unlock(&child->d_lock); +--- a/fs/ncpfs/dir.c ++++ b/fs/ncpfs/dir.c +@@ -406,7 +406,7 @@ ncp_dget_fpos(struct dentry *dentry, str + spin_lock(&parent->d_lock); + next = parent->d_subdirs.next; + while (next != &parent->d_subdirs) { +- dent = list_entry(next, struct dentry, d_u.d_child); ++ dent = list_entry(next, struct dentry, d_child); + if ((unsigned long)dent->d_fsdata == fpos) { + if (dent->d_inode) + dget(dent); +--- a/fs/ncpfs/ncplib_kernel.h ++++ b/fs/ncpfs/ncplib_kernel.h +@@ -194,7 +194,7 @@ ncp_renew_dentries(struct dentry *parent + spin_lock(&parent->d_lock); + next = parent->d_subdirs.next; + while (next != &parent->d_subdirs) { +- dentry = list_entry(next, struct dentry, d_u.d_child); ++ dentry = list_entry(next, struct dentry, d_child); + + if (dentry->d_fsdata == NULL) + ncp_age_dentry(server, dentry); +@@ -216,7 +216,7 @@ ncp_invalidate_dircache_entries(struct d + spin_lock(&parent->d_lock); + next = parent->d_subdirs.next; + while (next != &parent->d_subdirs) { +- dentry = list_entry(next, struct dentry, d_u.d_child); ++ dentry = list_entry(next, struct dentry, d_child); + dentry->d_fsdata = NULL; + ncp_age_dentry(server, dentry); + next = next->next; +--- a/fs/nfs/getroot.c ++++ b/fs/nfs/getroot.c +@@ -58,7 +58,7 @@ static int nfs_superblock_set_dummy_root + */ + spin_lock(&sb->s_root->d_inode->i_lock); + spin_lock(&sb->s_root->d_lock); +- hlist_del_init(&sb->s_root->d_alias); ++ hlist_del_init(&sb->s_root->d_u.d_alias); + spin_unlock(&sb->s_root->d_lock); + spin_unlock(&sb->s_root->d_inode->i_lock); + } +--- a/fs/notify/fsnotify.c ++++ b/fs/notify/fsnotify.c +@@ -63,14 +63,14 @@ void __fsnotify_update_child_dentry_flag + spin_lock(&inode->i_lock); + /* run all of the dentries associated with this inode. Since this is a + * directory, there damn well better only be one item on this list */ +- hlist_for_each_entry(alias, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(alias, &inode->i_dentry, d_u.d_alias) { + struct dentry *child; + + /* run all of the children of the original inode and fix their + * d_flags to indicate parental interest (their parent is the + * original inode) */ + spin_lock(&alias->d_lock); +- list_for_each_entry(child, &alias->d_subdirs, d_u.d_child) { ++ list_for_each_entry(child, &alias->d_subdirs, d_child) { + if (!child->d_inode) + continue; + +--- a/fs/ocfs2/dcache.c ++++ b/fs/ocfs2/dcache.c +@@ -172,7 +172,7 @@ struct dentry *ocfs2_find_local_alias(st + struct dentry *dentry; + + spin_lock(&inode->i_lock); +- hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { ++ hlist_for_each_entry(dentry, &inode->i_dentry, d_u.d_alias) { + spin_lock(&dentry->d_lock); + if (ocfs2_match_dentry(dentry, parent_blkno, skip_unhashed)) { + trace_ocfs2_find_local_alias(dentry->d_name.len, +--- a/include/linux/dcache.h ++++ b/include/linux/dcache.h +@@ -124,15 +124,15 @@ struct dentry { + void *d_fsdata; /* fs-specific data */ + + struct list_head d_lru; /* LRU list */ ++ struct list_head d_child; /* child of parent list */ ++ struct list_head d_subdirs; /* our children */ + /* +- * d_child and d_rcu can share memory ++ * d_alias and d_rcu can share memory + */ + union { +- struct list_head d_child; /* child of parent list */ ++ struct hlist_node d_alias; /* inode alias list */ + struct rcu_head d_rcu; + } d_u; +- struct list_head d_subdirs; /* our children */ +- struct hlist_node d_alias; /* inode alias list */ + }; + + /* +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -6384,7 +6384,7 @@ static int instance_mkdir (struct inode + int ret; + + /* Paranoid: Make sure the parent is the "instances" directory */ +- parent = hlist_entry(inode->i_dentry.first, struct dentry, d_alias); ++ parent = hlist_entry(inode->i_dentry.first, struct dentry, d_u.d_alias); + if (WARN_ON_ONCE(parent != trace_instance_dir)) + return -ENOENT; + +@@ -6411,7 +6411,7 @@ static int instance_rmdir(struct inode * + int ret; + + /* Paranoid: Make sure the parent is the "instances" directory */ +- parent = hlist_entry(inode->i_dentry.first, struct dentry, d_alias); ++ parent = hlist_entry(inode->i_dentry.first, struct dentry, d_u.d_alias); + if (WARN_ON_ONCE(parent != trace_instance_dir)) + return -ENOENT; + +--- a/kernel/trace/trace_events.c ++++ b/kernel/trace/trace_events.c +@@ -459,7 +459,7 @@ static void remove_event_file_dir(struct + + if (dir) { + spin_lock(&dir->d_lock); /* probably unneeded */ +- list_for_each_entry(child, &dir->d_subdirs, d_u.d_child) { ++ list_for_each_entry(child, &dir->d_subdirs, d_child) { + if (child->d_inode) /* probably unneeded */ + child->d_inode->i_private = NULL; + } +--- a/security/selinux/selinuxfs.c ++++ b/security/selinux/selinuxfs.c +@@ -1200,7 +1200,7 @@ static void sel_remove_entries(struct de + spin_lock(&de->d_lock); + node = de->d_subdirs.next; + while (node != &de->d_subdirs) { +- struct dentry *d = list_entry(node, struct dentry, d_u.d_child); ++ struct dentry *d = list_entry(node, struct dentry, d_child); + + spin_lock_nested(&d->d_lock, DENTRY_D_LOCK_NESTED); + list_del_init(node); +@@ -1674,12 +1674,12 @@ static void sel_remove_classes(void) + + list_for_each(class_node, &class_dir->d_subdirs) { + struct dentry *class_subdir = list_entry(class_node, +- struct dentry, d_u.d_child); ++ struct dentry, d_child); + struct list_head *class_subdir_node; + + list_for_each(class_subdir_node, &class_subdir->d_subdirs) { + struct dentry *d = list_entry(class_subdir_node, +- struct dentry, d_u.d_child); ++ struct dentry, d_child); + + if (d->d_inode) + if (d->d_inode->i_mode & S_IFDIR) diff --git a/debian/patches/debian/vfs-avoid-abi-change-for-dentry-union-changes.patch b/debian/patches/debian/vfs-avoid-abi-change-for-dentry-union-changes.patch new file mode 100644 index 000000000..4f5f51082 --- /dev/null +++ b/debian/patches/debian/vfs-avoid-abi-change-for-dentry-union-changes.patch @@ -0,0 +1,76 @@ +From: Ben Hutchings +Date: Mon, 12 Jan 2015 04:54:59 +0000 +Subject: vfs: Avoid ABI change for dentry union changes +Forwarded: not-needed + +Commit 946e51f2bf37f1656916eb75bd0742ba33983c28 ("move d_rcu from +overlapping d_child to overlapping d_alias") looks disruptive and +it is an API change since the union is named. However, it doesn't +actually move anything that modules need, so it is not an ABI +change and we can safely hide it from genksysms. + +Verify this by adding an unused function with some BUILD_BUG_ONs +to assert the size and alignment of fields remain the same. + +--- +--- a/include/linux/dcache.h ++++ b/include/linux/dcache.h +@@ -124,15 +124,31 @@ struct dentry { + void *d_fsdata; /* fs-specific data */ + + struct list_head d_lru; /* LRU list */ ++#ifdef __GENKSYMS__ ++ /* ++ * bwh: The union changes here don't move anything other than ++ * d_rcu (which modules definitely should not touch). This is ++ * checked by dcache_abi_check(). ++ */ ++ union { ++#endif + struct list_head d_child; /* child of parent list */ ++#ifdef __GENKSYMS__ ++ struct rcu_head d_rcu; ++ } d_u; ++#endif + struct list_head d_subdirs; /* our children */ + /* + * d_alias and d_rcu can share memory + */ ++#ifndef __GENKSYMS__ + union { ++#endif + struct hlist_node d_alias; /* inode alias list */ ++#ifndef __GENKSYMS__ + struct rcu_head d_rcu; + } d_u; ++#endif + }; + + /* +--- a/fs/dcache.c ++++ b/fs/dcache.c +@@ -255,6 +255,24 @@ static void dentry_free(struct dentry *d + call_rcu(&dentry->d_u.d_rcu, __d_free); + } + ++/* ++ * bwh: Assert that dentry union changes didn't change the structure ++ * layout other than to move d_rcu. ++ */ ++static void __always_unused dcache_abi_check(void) ++{ ++ struct dentry dentry; ++ union { ++ struct list_head d_child; ++ struct rcu_head d_rcu; ++ } old_d_u; ++ BUILD_BUG_ON(sizeof(dentry.d_child) != sizeof(old_d_u) || ++ __alignof__(dentry.d_child) != __alignof__(old_d_u)); ++ BUILD_BUG_ON(sizeof(dentry.d_u.d_alias) != sizeof(dentry.d_u) || ++ __alignof__(dentry.d_u.d_alias) != ++ __alignof__(dentry.d_u)); ++} ++ + /** + * dentry_rcuwalk_barrier - invalidate in-progress rcu-walk lookups + * @dentry: the target dentry diff --git a/debian/patches/series b/debian/patches/series index 4dd35a070..c44ba9757 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -491,3 +491,7 @@ bugfix/all/isofs-fix-infinite-looping-over-ce-entries.patch bugfix/all/batman-adv-calculate-extra-tail-size-based-on-queued.patch bugfix/all/keys-close-race-between-key-lookup-and-freeing.patch bugfix/all/isofs-fix-unchecked-printing-of-er-records.patch +bugfix/all/move-d_rcu-from-overlapping-d_child-to-overlapping-d.patch +bugfix/all/aufs-move-d_rcu-from-overlapping-d_child-to-overlapping-d.patch +debian/vfs-avoid-abi-change-for-dentry-union-changes.patch +bugfix/all/deal-with-deadlock-in-d_walk.patch