On Thu, Jun 12, 2014 at 11:20:22AM -0700, Linus Torvalds wrote: > > From: Al Viro <viro@xxxxxxxxxxxxxxxxxx> > Date: Thu, 12 Jun 2014 00:29:13 -0400 > Subject: [PATCH] lock_parent: don't step on stale ->d_parent of all-but-freed one > > Commit c2338f2dc7c1e9f6202f370c64ffd7f44f3d4b51 upstream. > > Dentry that had been through (or into) __dentry_kill() might be seen > by shrink_dentry_list(); that's normal, it'll be taken off the shrink > list and freed if __dentry_kill() has already finished. The problem > is, its ->d_parent might be pointing to already freed dentry, so > lock_parent() needs to be careful. > > We need to check that dentry hasn't already gone into __dentry_kill() > *and* grab rcu_read_lock() before dropping ->d_lock - the latter makes > sure that whatever we see in ->d_parent after dropping ->d_lock it > won't be freed until we drop rcu_read_lock(). > > Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx> > Cc: stable@xxxxxxxxxxxxxxx # v3.15 > Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > --- > > Al forgot to mark this for stable in the commit, so I'm mailing it in > explicitly. Thanks, I'll go queue it up. greg k-h -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html