From: Al Viro <viro@ZenIV.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Drokin <green@linuxhacker.ru>,
"<linux-kernel@vger.kernel.org> Mailing List"
<linux-kernel@vger.kernel.org>,
"<linux-fsdevel@vger.kernel.org>" <linux-fsdevel@vger.kernel.org>
Subject: Re: Dcache oops
Date: Fri, 3 Jun 2016 23:37:00 +0100 [thread overview]
Message-ID: <20160603223700.GY14480@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20160603222355.GW14480@ZenIV.linux.org.uk>
On Fri, Jun 03, 2016 at 11:23:55PM +0100, Al Viro wrote:
> It's not that. It's explicit put_link() in do_last(), followed by
> ESTALEOPEN and subsequent misbegotten "retry the last step on ESTALEOPEN"
> looking at now-freed nd->last.name. IOW, the bug predates delayed_call
> stuff.
EOPENSTALE, that is... Oleg, could you check if the following works?
diff --git a/fs/namei.c b/fs/namei.c
index 4c4f95a..3d9511e 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -3166,9 +3166,7 @@ static int do_last(struct nameidata *nd,
int acc_mode = op->acc_mode;
unsigned seq;
struct inode *inode;
- struct path save_parent = { .dentry = NULL, .mnt = NULL };
struct path path;
- bool retried = false;
int error;
nd->flags &= ~LOOKUP_PARENT;
@@ -3211,7 +3209,6 @@ static int do_last(struct nameidata *nd,
return -EISDIR;
}
-retry_lookup:
if (open_flag & (O_CREAT | O_TRUNC | O_WRONLY | O_RDWR)) {
error = mnt_want_write(nd->path.mnt);
if (!error)
@@ -3292,23 +3289,14 @@ finish_lookup:
if (unlikely(error))
return error;
- if ((nd->flags & LOOKUP_RCU) || nd->path.mnt != path.mnt) {
- path_to_nameidata(&path, nd);
- } else {
- save_parent.dentry = nd->path.dentry;
- save_parent.mnt = mntget(path.mnt);
- nd->path.dentry = path.dentry;
-
- }
+ path_to_nameidata(&path, nd);
nd->inode = inode;
nd->seq = seq;
/* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
finish_open:
error = complete_walk(nd);
- if (error) {
- path_put(&save_parent);
+ if (error)
return error;
- }
audit_inode(nd->name, nd->path.dentry, 0);
error = -EISDIR;
if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry))
@@ -3331,13 +3319,9 @@ finish_open_created:
goto out;
BUG_ON(*opened & FILE_OPENED); /* once it's opened, it's opened */
error = vfs_open(&nd->path, file, current_cred());
- if (!error) {
- *opened |= FILE_OPENED;
- } else {
- if (error == -EOPENSTALE)
- goto stale_open;
+ if (error)
goto out;
- }
+ *opened |= FILE_OPENED;
opened:
error = open_check_o_direct(file);
if (!error)
@@ -3353,26 +3337,7 @@ out:
}
if (got_write)
mnt_drop_write(nd->path.mnt);
- path_put(&save_parent);
return error;
-
-stale_open:
- /* If no saved parent or already retried then can't retry */
- if (!save_parent.dentry || retried)
- goto out;
-
- BUG_ON(save_parent.dentry != dir);
- path_put(&nd->path);
- nd->path = save_parent;
- nd->inode = dir->d_inode;
- save_parent.mnt = NULL;
- save_parent.dentry = NULL;
- if (got_write) {
- mnt_drop_write(nd->path.mnt);
- got_write = false;
- }
- retried = true;
- goto retry_lookup;
}
static int do_tmpfile(struct nameidata *nd, unsigned flags,
next prev parent reply other threads:[~2016-06-03 22:37 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-02 22:46 NFS/d_splice_alias breakage Oleg Drokin
2016-06-02 23:59 ` [PATCH] Allow d_splice_alias to accept hashed dentries green
2016-06-03 0:25 ` Oleg Drokin
2016-06-03 0:44 ` NFS/d_splice_alias breakage Trond Myklebust
2016-06-03 0:54 ` Oleg Drokin
2016-06-03 3:26 ` Al Viro
2016-06-03 3:38 ` Al Viro
2016-06-03 3:28 ` Al Viro
2016-06-03 3:37 ` Al Viro
2016-06-03 3:43 ` Oleg Drokin
2016-06-03 4:26 ` Al Viro
2016-06-03 4:42 ` Al Viro
2016-06-03 4:53 ` Al Viro
2016-06-03 4:58 ` Oleg Drokin
2016-06-03 5:56 ` Al Viro
2016-06-06 23:36 ` Oleg Drokin
2016-06-10 1:33 ` Oleg Drokin
2016-06-10 16:49 ` Oleg Drokin
2016-06-20 13:25 ` Oleg Drokin
2016-06-20 14:08 ` Al Viro
2016-06-20 14:54 ` Trond Myklebust
2016-06-20 15:28 ` Al Viro
2016-06-20 15:43 ` Anna Schumaker
2016-06-20 15:45 ` Oleg Drokin
2016-06-20 15:47 ` Trond Myklebust
2016-06-03 16:38 ` Dcache oops Oleg Drokin
2016-06-03 18:22 ` Al Viro
2016-06-03 18:35 ` Oleg Drokin
2016-06-03 20:07 ` Al Viro
2016-06-03 21:17 ` Oleg Drokin
2016-06-03 21:46 ` Al Viro
2016-06-03 22:17 ` Al Viro
2016-06-03 21:18 ` Linus Torvalds
2016-06-03 21:26 ` Al Viro
2016-06-03 22:00 ` Linus Torvalds
2016-06-03 22:23 ` Al Viro
2016-06-03 22:29 ` Al Viro
2016-06-03 22:36 ` Linus Torvalds
2016-06-03 22:42 ` Oleg Drokin
2016-06-03 22:43 ` Al Viro
2016-06-03 22:37 ` Al Viro [this message]
2016-06-03 22:49 ` Oleg Drokin
2016-06-03 23:58 ` Oleg Drokin
2016-06-04 0:56 ` Al Viro
2016-06-04 12:25 ` Jeff Layton
2016-06-04 16:12 ` Oleg Drokin
2016-06-04 16:21 ` [PATCH] nfs4: Fix potential use after free of state in nfs4_do_reclaim green
2016-06-04 19:57 ` Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160603223700.GY14480@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=green@linuxhacker.ru \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).