
Re: inode_permission NULL pointer dereference in 3.13-rc1

To: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Subject: Re: inode_permission NULL pointer dereference in 3.13-rc1
From: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 28 Nov 2013 18:17:53 -0800
Cc: Dave Chinner <david@xxxxxxxxxxxxx>, Christoph Hellwig <hch@xxxxxxxxxxxxx>, linux-fsdevel <linux-fsdevel@xxxxxxxxxxxxxxx>, xfs@xxxxxxxxxxx
On Thu, Nov 28, 2013 at 6:07 PM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>    Thus the
> comment about unbalanced dput() somewhere; the question is _where_ had
> that dput() been.

Clearing the LOOKUP_RCU bit is what I was looking at, because doing
that without doing the proper successful lockref_get_not_dead() ends
up being equivalent to missing a dget(), not an extra dput(). Which
was why I was looking at unlazy_walk() -> terminate_walk().

But I really don't see anything wrong. That was the only really
obvious sequence where you changed things. Everything else seems to be
a pretty 1:1 conversion.

            Linus
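
The refcount reasoning in the message above, as an added example that is not part of the original mail and not kernel code: a simplified single-threaded model in which leaving RCU mode without a successful get lets the final put drop a reference the walk never took. All `toy_*` names, the struct layouts, the `LOOKUP_RCU` value and the sample counts are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define LOOKUP_RCU 0x1  /* flag name from the thread; value arbitrary here */

struct toy_dentry { int count; };   /* stands in for the dentry's lockref count */
struct toy_nameidata { unsigned flags; struct toy_dentry *dentry; };

/* Model of lockref_get_not_dead(): take a reference unless count < 0 (dead). */
static bool toy_get_not_dead(struct toy_dentry *d)
{
    if (d->count < 0)
        return false;
    d->count++;
    return true;
}

/* Correct exit from RCU mode: clear the flag only after the get succeeded. */
static void toy_unlazy(struct toy_nameidata *nd)
{
    if (toy_get_not_dead(nd->dentry))
        nd->flags &= ~LOOKUP_RCU;
}

/* Model of the walk ending: ref-walk drops its reference, RCU-walk holds none. */
static void toy_terminate_walk(struct toy_nameidata *nd)
{
    if (!(nd->flags & LOOKUP_RCU))
        nd->dentry->count--;    /* the put that must pair with a get */
    nd->flags &= ~LOOKUP_RCU;
}

/* Run one walk on a dentry that starts with `start` references held by others. */
static int toy_walk(int start, bool broken)
{
    struct toy_dentry d = { start };
    struct toy_nameidata nd = { LOOKUP_RCU, &d };
    if (broken)
        nd.flags &= ~LOOKUP_RCU;    /* flag cleared, no reference taken */
    else
        toy_unlazy(&nd);
    toy_terminate_walk(&nd);
    return d.count;
}

int main(void)
{
    printf("correct: %d, broken: %d\n", toy_walk(1, false), toy_walk(1, true));
    return 0;
}
```

In the broken path the count ends one lower than it started, which is the same end state an extra put would leave even though the defect is a missing get.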
