xfs
[Top] [All Lists]

Re: inode_permission NULL pointer dereference in 3.13-rc1

To: Dave Chinner <david@xxxxxxxxxxxxx>
Subject: Re: inode_permission NULL pointer dereference in 3.13-rc1
From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Date: Fri, 29 Nov 2013 02:07:03 +0000
Cc: Christoph Hellwig <hch@xxxxxxxxxxxxx>, linux-fsdevel@xxxxxxxxxxxxxxx, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, xfs@xxxxxxxxxxx
Delivered-to: xfs@xxxxxxxxxxx
In-reply-to: <20131129014648.GU10988@dastard>
References: <20131125160648.GA4933@xxxxxxxxxxxxx> <20131126131134.GM10323@xxxxxxxxxxxxxxxxxx> <20131126141253.GA28062@xxxxxxxxxxxxx> <20131127064351.GN10323@xxxxxxxxxxxxxxxxxx> <20131127100906.GA19740@xxxxxxxxxxxxx> <20131128162618.GO10323@xxxxxxxxxxxxxxxxxx> <20131128212301.GP10323@xxxxxxxxxxxxxxxxxx> <20131128225102.GS10988@dastard> <20131128234441.GQ10323@xxxxxxxxxxxxxxxxxx> <20131129014648.GU10988@dastard>
Sender: Al Viro <viro@xxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.21 (2010-09-15)
On Fri, Nov 29, 2013 at 12:46:48PM +1100, Dave Chinner wrote:
> >     * d_count(dentry) is -128
> 
> void lockref_mark_dead(struct lockref *lockref)
> {
>         assert_spin_locked(&lockref->lock);
>         lockref->count = -128;
> }

... done once refcount reaches zero and we decide to evict the sucker.
Which, for dentry that happens to be
        * pwd of at least one process
        * root of at least one process
        * root dentry of a filesystem that contains at least one
binary being executed
means that we have dropped several references too many.  Thus the
comment about unbalanced dput() somewhere; the question is _where_ had
that dput() been.

<Prev in Thread] Current Thread [Next in Thread>