On Thu, Dec 07, 2017 at 10:46:22AM +0800, 穆阿浩(姜弋) wrote: > This issue is found when creating /dev/sdtest with flags (O_CREAT | > O_DIRECT). The file still can be retrieved even after system reports > failure (-EINVAL) for it. Reporting error on creating the file is > correct behaviour because either devtmpfs or tmpfs doesn't support > O_DIRECT for regular file. However, it's incorrect that the file is > still existing. The cause is the newly allocated dentry and inode > aren't released on failure in do_last(). > # rm /dev/sdtest > # dd if=/dev/urandom of=/dev/sdtest bs=4k count=1 oflag=direct > <-EINVAL is returned> > # ls /dev/sdtest > <File is still existing> > > This fixes the issue by releasing the dentry, thus the inode on failure > in do_last(). With this applied, the file (/dev/sdtest) isn't seen > in this scenario. > + if (error && (*opened & FILE_OPENED)) > + dput(path.dentry); NAK. For one thing, it's racy as hell even on tmpfs - plain open() from another process would've succeeded in that window. For another, it's outright exploitable on filesystems where dentry tree does not contain all the existing directory tree (anything disk-based, for starters).
