On Fri, Mar 6, 2020 at 7:48 PM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > > On Fri, Mar 06, 2020 at 06:36:05PM -0800, Daniel Rosenberg wrote: > > Have you even tested that? Could you tell me where does the calculated > hash go? And just what is it doing trying to check if the name we are about to > look up in directory specified by 'dentry' might be pointing to dentry->d_iname? Turns out I tested exactly not that :/ Ran tests on the wrong kernel. I've fixed my setup so that shouldn't happen again. The calculated hash there goes exactly nowhere because I failed to copy it back into the original qstr. I'm trying to see if the name is a small name, which, if my understanding is correct, is the only time a name might change from underneath you in an RCU context. This assumes that the name either comes from the dentry, or is otherwise not subject to changes. It's based around the check that take_dentry_name_snapshot does. It does feel a bit sketchy to assume that, so I'm very open to other suggestions there. I'm going through that hassle because the various utf8 functions do a lot of dereferencing the string and manipulating pointers by those values, expecting them to be consistent. It might be enough to just go through that code and add a bunch of checks to make sure we can't accidentally walk off of either end.