On Thu, 16 Nov 2023 18:00:16 +0530
Naresh Kamboju <naresh.kamb...@linaro.org> wrote:

> Following kernel crash noticed while running selftests: ftrace on arm64
> Juno-r2 device running stable-rc linux-6.6.y kernel.
> 
> This kernel crash is hard to reproduce.
> 

Can you test this patch?

Note, there's a similar bug on 6.7-rc1 which I'll fix first. And when
that's accepted, I'll push this one for v6.6. This may be two patches as
one is the d_invalidate() issue, and another is a memory leak fix.

-- Steve

diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c
index 5fcfb634fec2..b60048469df1 100644
--- a/fs/tracefs/event_inode.c
+++ b/fs/tracefs/event_inode.c
@@ -289,6 +289,8 @@ void eventfs_set_ef_status_free(struct tracefs_inode *ti, 
struct dentry *dentry)
                ef = dentry->d_fsdata;
                if (ef)
                        free_ef(ef);
+               else
+                       kfree(ei);
                return;
        }
 
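Review bot: in the early-return path of eventfs_set_ef_status_free(), the new else branch calls kfree(ei) only when dentry->d_fsdata is NULL, and nothing in this hunk shows that ei is also released when ef is non-NULL and free_ef(ef) runs. If free_ef() does not free it, the leak remains on that path. If it does, a one-line comment saying so, and why ei has no other owner at this point, would explain the asymmetry. Since the message above says the memory leak fix may become its own patch, this hunk looks like the natural piece to split out.
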
@@ -342,7 +344,6 @@ static void eventfs_post_create_dir(struct eventfs_file *ef)
 static struct dentry *
 create_dentry(struct eventfs_file *ef, struct dentry *parent, bool lookup)
 {
-       bool invalidate = false;
        struct dentry *dentry;
 
        mutex_lock(&eventfs_mutex);
@@ -387,23 +388,24 @@ create_dentry(struct eventfs_file *ef, struct dentry 
*parent, bool lookup)
                        eventfs_post_create_dir(ef);
                dentry->d_fsdata = ef;
        } else {
-               /* A race here, should try again (unless freed) */
-               invalidate = true;
-
                /*
+                * If we are here then the directory is being freed.
+                * The simple_recursive_removal() will get rid of the dentry
+                * here.
+                */
+               dentry = NULL;
+                /*
                 * Should never happen unless we get here due to being freed.
                 * Otherwise it means two dentries exist with the same name.
                 */
                WARN_ON_ONCE(!ef->is_freed);
        }
        mutex_unlock(&eventfs_mutex);
-       if (invalidate)
-               d_invalidate(dentry);
 
-       if (lookup || invalidate)
+       if (lookup)
                dput(dentry);
 
-       return invalidate ? NULL : dentry;
+       return dentry;
 }
 
 static bool match_event_file(struct eventfs_file *ef, const char *name)
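
Review bot: in the else branch of create_dentry(), dentry is set to NULL before any dput(), whereas the removed code called dput(dentry) on this path through "if (lookup || invalidate)". With the change, the lookup case ends up calling dput(NULL), which is a no-op, so the reference the old code dropped here is no longer dropped in this function. The new comment says simple_recursive_removal() will get rid of the dentry; it should also say whether that covers the reference held at this point, or the dput() should happen before the pointer is cleared. Minor: the re-added "/*" line has one more space of indentation than the other added lines, and the two back-to-back comment blocks could be merged into one.
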
-- 
2.42.0

