On Mon, Feb 10, 2020 at 03:11:13PM -0800, Daniel Rosenberg wrote: > On Fri, Feb 7, 2020 at 6:12 PM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > > > > On Fri, Feb 07, 2020 at 05:35:46PM -0800, Daniel Rosenberg wrote: > > > > > > Again, is that safe in case when the contents of the string str points to > > keeps changing under you? > > I'm not sure what you mean. I thought it was safe to use the str and > len passed into d_compare. Even if it gets changed under RCU > conditions I thought there was some code to ensure that the name/len > pair passed in is consistent, and any other inconsistencies would get > caught by d_seq later. Are there unsafe code paths that can follow? If you ever fetch the same byte twice, you might see different values. You need a fairly careful use of READ_ONCE() or equivalents to make sure that you don't get screwed over by that. Sure, ->d_seq mismatch will throw the result out, but you need to make sure you won't oops/step on uninitialized memory/etc. in process. It's not impossible to get right, but it's not trivial and you need all code working with that much more careful than normal for string handling.
