On Fri, Nov 24, 2023 at 05:25:24PM +0100, Johannes Berg wrote:
> From: Johannes Berg <johannes.berg@xxxxxxxxx>
>
> debugfs_create_automount() stores a function pointer in d_fsdata,
> but since commit 7c8d469877b1 ("debugfs: add support for more
> elaborate ->d_fsdata") debugfs_release_dentry() will free it, now
> conditionally on DEBUGFS_FSDATA_IS_REAL_FOPS_BIT, but that's not
> set for the function pointer in automount. As a result, removing
> an automount dentry would attempt to free the function pointer.
> Luckily, the only user of this (tracing) never removes it.
>
> Nevertheless, it's safer if we just handle the fsdata in one way,
> namely either DEBUGFS_FSDATA_IS_REAL_FOPS_BIT or allocated. Thus,
> change the automount to allocate it, and use the real_fops in the
> data to indicate whether or not automount is filled, rather than
> adding a type tag. At least for now this isn't actually needed,
> but the next changes will require it.
>
> Also check in debugfs_file_get() that it gets only called
> on regular files, just to make things clearer.
>
> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
> ---
> v2: add missing kfree() pointed out by smatch
Acked-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
