On Wed, May 06, 2020 at 07:49:20PM +0100, Al Viro wrote: > On Wed, May 06, 2020 at 08:34:29AM -0700, Kees Cook wrote: > > > Just posted the whole series: > > https://lore.kernel.org/lkml/20200506152114.50375-1-keesc...@chromium.org/ > > > > But the specific question was driven by this patch: > > https://lore.kernel.org/lkml/20200506152114.50375-11-keesc...@chromium.org/ > > Yecchh... First of all, you are leaving a dangling pointer in your > struct pstore_private ->dentry. What's more, in your case d_delete()
Yeah, good idea: I can wipe out the pstore_private->dentry at this point just for robustness. From what I could tell the evict got immediately called after the dput(). > is definitely wrong - either there are other references to dentry > (in which case d_delete() is the same as d_drop()), or dput() right > after it will drive ->d_count to zero and since you end up using > simple_dentry_operations, dentry will be freed immediately after > that. Do you mean the d_drop() isn't needed? What happens if someone has the file open during this routine? The goal here is to make these files disappear so they'll go through evict. > I have not looked at the locking in that series yet, so no comments Yeah, I would not be surprised by some more locking issues, but I think it's an improvement over what was there. Most of the code seems to have been designed to be non-modular. :P > on the races, but in any case - that d_delete() is a misspelled d_drop(). I'll change it; thanks! -- Kees Cook
