Re: [PATCH 07/13] nfs: make nfs_set_verifier() safe for use in RCU pathwalk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Feb 04, 2024 at 02:17:33AM +0000, Al Viro wrote:
> nfs_set_verifier() relies upon dentry being pinned; if that's
> the case, grabbing ->d_lock stabilizes ->d_parent and guarantees
> that ->d_parent points to a positive dentry.  For something
> we'd run into in RCU mode that is *not* true - dentry might've
> been through dentry_kill() just as we grabbed ->d_lock, with
> its parent going through the same just as we get to into
> nfs_set_verifier_locked().  It might get to detaching inode
> (and zeroing ->d_inode) before nfs_set_verifier_locked() gets
> to fetching that; we get an oops as the result.
> 
> That can happen in nfs{,4} ->d_revalidate(); the call chain in
> question is nfs_set_verifier_locked() <- nfs_set_verifier() <-
> nfs_lookup_revalidate_delegated() <- nfs{,4}_do_lookup_revalidate().
> We have checked that the parent had been positive, but that's
> done before we get to nfs_set_verifier() and it's possible for
> memory pressure to pick our dentry as eviction candidate by that
> time.  If that happens, back-to-back attempts to kill dentry and
> its parent are quite normal.  Sure, in case of eviction we'll
> fail the ->d_seq check in the caller, but we need to survive
> until we return there...
> 
> Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> ---

Acked-by: Christian Brauner <brauner@xxxxxxxxxx>




[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux