On 24/06/2025 04:38, Mark Millard wrote:
> Jean-Sébastien Pédron <dumbbell_at_FreeBSD.org> wrote on
>> If `debugfs_destroy()` is called early as part of error handling during
>> initialization, `pn->pn_data` is unset.
> "is unset": Is this wording intended to mean:
> A) (...)
> vs.
> B) guaranteed to have been set to either NULL
> or to a valid non-NULL pointer value?
Yes, it's scenario (B). pfs_create_{file,dir}() allocates the structure
with `M_ZERO`, thus the field is NULL at first.
debugfs_create_{file,dir}() sets `pn_data` after
`pfs_create_{file,dir}()` returned successfully.
However, if pfs_create_{file,dir}() fails, it calls the given "destroy"
callback before returning NULL. Therefore, when debugfs_destroy() was
called as part of the aborted creation, it was still assuming `pn_data`
was set to its own private data; this was not the case.
I hope that clears the issue origin.
--
Jean-Sébastien Pédron
The FreeBSD Project
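The create/destroy ordering described in Jean-Sébastien's reply, as an added C model that is not part of this thread or of FreeBSD's pseudofs/LinuxKPI code: every `model_*` name is an assumption, the `fail` flag stands in for a `pfs_create_{file,dir}()` error, and the destroy callback checks `pn_data` for NULL instead of assuming it was set.

```c
/* Constructed model of the ordering described above; it is not FreeBSD's
 * pseudofs or LinuxKPI debugfs code, and every model_* name is hypothetical. */
#include <stdlib.h>
struct model_node {
    void *pn_data;                              /* NULL until the creator attaches it */
    void (*pn_destroy)(struct model_node *);    /* "destroy" callback given at creation */
};
int model_destroy_calls = 0;      /* every invocation of the destroy callback */
int model_destroy_unattached = 0; /* invocations that found pn_data == NULL */

/* Model of pfs_create_file(): the node is allocated zeroed (M_ZERO analogue).
 * With `fail` nonzero it takes the error path from the thread: the destroy
 * callback runs before NULL is returned, while pn_data is still NULL. */
static struct model_node *model_pfs_create(void (*destroy)(struct model_node *), int fail)
{
    struct model_node *pn = calloc(1, sizeof(*pn));
    if (pn == NULL) return NULL;
    pn->pn_destroy = destroy;
    if (fail) {
        pn->pn_destroy(pn);   /* early destroy: the creator never set pn_data */
        free(pn);
        return NULL;
    }
    return pn;
}

/* Hardened destroy callback: NULL pn_data means creation was aborted before
 * private data was attached, so there is nothing of ours to release. */
static void model_debugfs_destroy(struct model_node *pn)
{
    model_destroy_calls++;
    if (pn->pn_data == NULL) {
        model_destroy_unattached++;
        return;
    }
    free(pn->pn_data);
    pn->pn_data = NULL;
}

/* Model of debugfs_create_file(): pn_data is attached only after creation
 * succeeded, then the node is torn down. Returns 0 on success, -1 on failure. */
int model_debugfs_create(int fail)
{
    struct model_node *pn = model_pfs_create(model_debugfs_destroy, fail);
    if (pn == NULL) return -1;
    pn->pn_data = malloc(sizeof(int));   /* stand-in for debugfs private data */
    pn->pn_destroy(pn);                  /* normal teardown path */
    free(pn);
    return 0;
}
```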