On Fri, Mar 23, 2018 at 04:04:43PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
>
> We can reach 'out:' with a negative dentry, e.g. if there is contention
> on ->d_parent->d_lock and another task concurrently gets a reference to
> the negative dentry. In that case 'inode' will be NULL, so we must not
> try to unlock 'inode'.
>
> This bug was found by xfstest generic/429.
hmm ... I'd rather see:
if (unlikely(parent != dentry->d_parent)) {
spin_unlock(&parent->d_lock);
spin_lock(&dentry->d_lock);
- goto out;
+ if (inode)
+ goto out;
+ return false;
}
spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED);
if (likely(!dentry->d_lockref.count))
return true;
spin_unlock(&parent->d_lock);
out:
spin_unlock(&inode->i_lock);
return false;
That puts the comparison out-of-line rather than in the exit path that
everybody uses.
(Signed-off-by: Matthew Wilcox <mawilcox@xxxxxxxxxxxxx> in case we end
up choosing this variant)
