Re: panic in do_last()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Apr 17, 2014 at 7:17 PM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
> On Fri, Apr 18, 2014 at 02:57:50AM +0100, Al Viro wrote:
>
>> Where is it in do_last()?  Hard to tell without even the hex dump of
>> oopsing code (and trying to reproduce it here hasn't produced any oopsen
>> so far).
>
> Hmm...  Still no oopsen, but it looks like it *is* possible to get
> screwed there.  RCU mode isn't a problem, AFAICS (we'll fail on d_seq
> mismatch in complete_walk() and that will be the end of it), but
> non-lazy mode *can* get buggered.  We are holding a reference to
> nd->path.dentry and that's enough to prevent positive-to-negative
> transition, but negative-to-positive is fair game.  So it does
> happen and we end up with nd->inode being set to NULL.  And _that_
> promptly blows up on
>         if (!S_ISREG(nd->inode->i_mode))
>                 will_truncate = false;
> Actually, it might very well be the only source of breakage - that late
> in the game (already out of RCU mode, for starters) we don't give a damn
> about nd->inode.
>
> Ah, actually there's also
>                 BUG_ON(inode != path->dentry->d_inode);
> in symlink case (similar "negative to positive", but it will be a symlink(2),
> not creat(2)).  Pointless BUG_ON, actually...
>
> The reason why your reordering hadn't done any good is that CPU cache is free
> to reorder behind your back - no barriers between these two stores.

Added a barrier(), but still panic.

diff --git a/fs/dcache.c b/fs/dcache.c
index 40707d8..1d6b529 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1647,11 +1647,12 @@ static void __d_instantiate(struct dentry
*dentry, struct inode *inode)
        unsigned add_flags = d_flags_for_inode(inode);

        spin_lock(&dentry->d_lock);
+      dentry->d_inode = inode;
+      barrier();
        dentry->d_flags &= ~DCACHE_ENTRY_TYPE;
        dentry->d_flags |= add_flags;
        if (inode)
                hlist_add_head(&dentry->d_alias, &inode->i_dentry);
-       dentry->d_inode = inode;
        dentry_rcuwalk_barrier(dentry);
        spin_unlock(&dentry->d_lock);
        fsnotify_d_instantiate(dentry, inode);
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux