git.baikalelectronics.ru Git - kernel.git/commit

author	Yan, Zheng <zyan@redhat.com>
	Mon, 7 Mar 2016 02:34:50 +0000 (10:34 +0800)
committer	Ilya Dryomov <idryomov@gmail.com>
	Fri, 25 Mar 2016 17:51:55 +0000 (18:51 +0100)
commit	6dd6407e43893037c70e0d4c8b4e9b600095bab2
tree	b0947756198ee556f500e2b5dd001104fec003b8	tree \| snapshot
parent	a2f5a33ec64c3e77ff7df7d04c1bfb2f69594549	commit \| diff

ceph: fix security xattr deadlock

When security is enabled, security module can call filesystem's
getxattr/setxattr callbacks during d_instantiate(). For cephfs,
d_instantiate() is usually called by MDS' dispatch thread, while
handling MDS reply. If the MDS reply does not include xattrs and
corresponding caps, getxattr/setxattr need to send a new request
to MDS and waits for the reply. This makes MDS' dispatch sleep,
nobody handles later MDS replies.

The fix is make sure lookup/atomic_open reply include xattrs and
corresponding caps. So getxattr can be handled by cached xattrs.
This requires some modification to both MDS and request message.
(Client tells MDS what caps it wants; MDS encodes proper caps in
the reply)

Smack security module may call setxattr during d_instantiate().
Unlike getxattr, we can't force MDS to issue CEPH_CAP_XATTR_EXCL
to us. So just make setxattr return error when called by MDS'
dispatch thread.

Signed-off-by: Yan, Zheng <zyan@redhat.com>

fs/ceph/dir.c		diff \| blob \| history
fs/ceph/export.c		diff \| blob \| history
fs/ceph/file.c		diff \| blob \| history
fs/ceph/inode.c		diff \| blob \| history
fs/ceph/mds_client.c		diff \| blob \| history
fs/ceph/super.h		diff \| blob \| history
fs/ceph/xattr.c		diff \| blob \| history
include/linux/ceph/ceph_fs.h		diff \| blob \| history