• Al Viro's avatar
    reiserfs: fix deadlock in umount · 71986ee0
    Al Viro authored
    commit 672fe15d091ce76d6fb98e489962e9add7c1ba4c upstream.
    Since remove_proc_entry() started to wait for IO in progress (i.e.
    since 2007 or so), the locking in fs/reiserfs/proc.c became wrong;
    if procfs read happens between the moment when umount() locks the
    victim superblock and removal of /proc/fs/reiserfs/<device>/*,
    we'll get a deadlock - read will wait for s_umount (in sget(),
    called by r_start()), while umount will wait in remove_proc_entry()
    for that read to finish, holding s_umount all along.
    Fortunately, the same change allows a much simpler race avoidance -
    all we need to do is remove the procfs entries in the very beginning
    of reiserfs ->kill_sb(); that'll guarantee that pointer to superblock
    will remain valid for the duration for procfs IO, so we don't need
    sget() to keep the sucker alive.  As the matter of fact, we can
    get rid of the home-grown iterator completely, and use single_open()
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
procfs.c 13.4 KB