On Thu, Mar 13, 2025 at 04:29:01AM +0000, Al Viro wrote: > prior to "[POWERPC] spufs: Fix gang destroy leaks" we used to have > a problem with gang lifetimes - creation of a gang returns opened > gang directory, which normally gets removed when that gets closed, > but if somebody has created a context belonging to that gang and > kept it alive until the gang got closed, removal failed and we > ended up with a leak. > > Unfortunately, it had been fixed the wrong way. Dentry of gang > directory was no longer pinned, and rmdir on close was gone. > One problem was that failure of open kept calling simple_rmdir() > as cleanup, which meant an unbalanced dput(). Another bug was > in the success case - gang creation incremented link count on > root directory, but that was no longer undone when gang got > destroyed. > > Fix consists of > * reverting the commit in question > * adding a counter to gang, protected by ->i_rwsem > of gang directory inode. > * having it set to 1 at creation time, dropped > in both spufs_dir_close() and spufs_gang_close() and bumped > in spufs_create_context(), provided that it's not 0. > * using simple_recursive_removal() to take the gang > directory out when counter reaches zero. > > Fixes: 877907d37da9 "[POWERPC] spufs: Fix gang destroy leaks" > Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx> > --- Reviewed-by: Christian Brauner <brauner@xxxxxxxxxx>
