NFS, two d_delete() calls in nfs_unlink()

Hello NeilBrown and Trond Myklebust,

By the commit in v6.0-rc1,
	3c59366c207e 2022-08-08 NFS: don't unhash dentry during unlink/rename
nfs_unlink() stopped calling __d_drop().
And it MAY cause two d_delete() calls. If it happens, the second call
leads to NULL pointer access because d_inode is already cleared.

Here is the detail.

nfs_unlink()
+ nfs_safe_remove()
  + NFS_PROTO(dir)->remove() <-- returns ENOENT
  + nfs_dentry_handle_enoent()
    + if (simple_positive()) d_delete() <-- 1st call and d_inode is cleared
+ nfs_dentry_remove_handle_error()
  + if (ENOENT) d_delete() <-- second call and NULL d_inode is accessed

How about adding a condition for d_delete() call in
nfs_dentry_remove_handle_error(), such like simple_positive()?


J. R. Okajima
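To make the double-call sequence concrete, here is a small userland model of the path described in the report, with the unconditional second d_delete() beside the simple_positive()-guarded variant the mail proposes. This is an added illustration, not kernel code and not from the NFS tree; the struct members, the d_delete() stand-in and the return values are constructed for the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-ins for the kernel structures (not the real layout). */
struct inode { int refs; };
struct dentry { struct inode *d_inode; bool hashed; };

/* Model of simple_positive(): the dentry still has an inode attached. */
static bool simple_positive(const struct dentry *d) { return d->d_inode != NULL; }

/* Model of d_delete(): reads through d_inode, then drops it. In the kernel a
 * second call would dereference NULL; here we report it instead of crashing. */
static bool d_delete(struct dentry *d)
{
    if (d->d_inode == NULL)
        return false;            /* the NULL pointer access from the report */
    d->d_inode->refs--;          /* stand-in for the real inode access */
    d->d_inode = NULL;
    d->hashed = false;
    return true;
}

/* nfs_dentry_handle_enoent(): first d_delete() after the server returns ENOENT */
static void nfs_dentry_handle_enoent(struct dentry *d)
{
    if (simple_positive(d))
        d_delete(d);
}

/* nfs_dentry_remove_handle_error() as described: d_delete() on ENOENT, unguarded */
static bool handle_error_unguarded(struct dentry *d, int error)
{
    return error == -ENOENT ? d_delete(d) : true;
}

/* Proposed variant: only call d_delete() while the dentry is still positive */
static bool handle_error_guarded(struct dentry *d, int error)
{
    if (error == -ENOENT && simple_positive(d))
        return d_delete(d);
    return true;
}

/* Replays the nfs_unlink() sequence; returns false if a NULL d_inode would be touched. */
static bool run_unlink(bool guarded)
{
    struct inode ino = { .refs = 1 };
    struct dentry d = { .d_inode = &ino, .hashed = true };
    int err = -ENOENT;               /* constructed: remove() returned ENOENT */
    nfs_dentry_handle_enoent(&d);    /* 1st d_delete(): d_inode is now NULL */
    return guarded ? handle_error_guarded(&d, err) : handle_error_unguarded(&d, err);
}
```

The unguarded replay reaches d_delete() with d_inode already NULL; the guarded one skips the second call.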


