inode_permission NULL pointer dereference in 3.13-rc1
Al Viro
viro at ZenIV.linux.org.uk
Thu Nov 28 20:07:03 CST 2013
On Fri, Nov 29, 2013 at 12:46:48PM +1100, Dave Chinner wrote:
> > * d_count(dentry) is -128
>
> void lockref_mark_dead(struct lockref *lockref)
> {
> assert_spin_locked(&lockref->lock);
> lockref->count = -128;
> }
... done once refcount reaches zero and we decide to evict the sucker.
Which, for dentry that happens to be
* pwd of at least one process
* root of at least one process
* root dentry of a filesystem that contains at least one
binary being executed
means that we have dropped several references too many. Thus the
comment about unbalanced dput() somewhere; the question is _where_ had
that dput() been.
More information about the xfs
mailing list