vfs,proc: guarantee unique inodes in /proc

torvalds · torvalds · commit 51f0885e5415 · 2013-03-22T11:44:04.000-07:00
Dave Jones found another /proc issue with his Trinity tool: thanks to
the namespace model, we can have multiple /proc dentries that point to
the same inode, aliasing directories in /proc/&lt;pid&gt;/net/ for example.

This ends up being a total disaster, because it acts like hardlinked
directories, and causes locking problems.  We rely on the topological
sort of the inodes pointed to by dentries, and if we have aliased
directories, that odering becomes unreliable.

In short: don't do this.  Multiple dentries with the same (directory)
inode is just a bad idea, and the namespace code should never have
exposed things this way.  But we're kind of stuck with it.

This solves things by just always allocating a new inode during /proc
dentry lookup, instead of using "iget_locked()" to look up existing
inodes by superblock and number.  That actually simplies the code a bit,
at the cost of potentially doing more inode [de]allocations.

That said, the inode lookup wasn't free either (and did a lot of locking
of inodes), so it is probably not that noticeable.  We could easily keep
the old lookup model for non-directory entries, but rather than try to
be excessively clever this just implements the minimal and simplest
workaround for the problem.

Reported-and-tested-by: Dave Jones &lt;davej@redhat.com&gt;
Analyzed-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
@@ -446,9 +446,10 @@ static const struct file_operations proc_reg_file_ops_no_compat = {
 
 struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
 {
-	struct inode *inode = iget_locked(sb, de->low_ino);
+	struct inode *inode = new_inode_pseudo(sb);
 
-	if (inode && (inode->i_state & I_NEW)) {
+	if (inode) {
+		inode->i_ino = de->low_ino;
 		inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
 		PROC_I(inode)->pde = de;
 
@@ -476,7 +477,6 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
 				inode->i_fop = de->proc_fops;
 			}
 		}
-		unlock_new_inode(inode);
 	} else
 	       pde_put(de);
 	return inode;

Original file line number	Diff line number	Diff line change
`@@ -446,9 +446,10 @@ static const struct file_operations proc_reg_file_ops_no_compat = {`
`446`	`446`
`447`	`447`	`struct inode proc_get_inode(struct super_block sb, struct proc_dir_entry *de)`
`448`	`448`	`{`
`449`		`- struct inode *inode = iget_locked(sb, de->low_ino);`
	`449`	`+ struct inode *inode = new_inode_pseudo(sb);`
`450`	`450`
`451`		`- if (inode && (inode->i_state & I_NEW)) {`
	`451`	`+ if (inode) {`
	`452`	`+ inode->i_ino = de->low_ino;`
`452`	`453`	`inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;`
`453`	`454`	`PROC_I(inode)->pde = de;`
`454`	`455`
`@@ -476,7 +477,6 @@ struct inode proc_get_inode(struct super_block sb, struct proc_dir_entry *de)`
`476`	`477`	`inode->i_fop = de->proc_fops;`
`477`	`478`	`}`
`478`	`479`	`}`
`479`		`- unlock_new_inode(inode);`
`480`	`480`	`} else`
`481`	`481`	`pde_put(de);`
`482`	`482`	`return inode;`