From: Maneesh Soni <maneesh@in.ibm.com>
To: Andrew Morton <akpm@digeo.com>
Cc: torvalds@transmeta.com, linux-kernel@vger.kernel.org, zilvinas@gemtek.lt
Subject: Re: kernel Ooops (2.5.63 bk latest)
Date: Fri, 28 Feb 2003 14:45:35 +0530 [thread overview]
Message-ID: <20030228091535.GE11135@in.ibm.com> (raw)
In-Reply-To: <20030227233434.7ed26b83.akpm@digeo.com>
On Thu, Feb 27, 2003 at 11:34:34PM -0800, Andrew Morton wrote:
> Maneesh Soni <maneesh@in.ibm.com> wrote:
> >
> > Hi Linus,
> >
> > The BUG was caught in d_validate() --> dget(). I think the
> > dentry to be validated can be already on LRU list with d_count
> > as zero. So, dget_locked should be used in place of dget().
> > dcache_rcu mistakingly used dget. This patch corrects it.
> >
> > Please apply the following patch.
> >
> > diff -urN linux-2.5.63-bk3/fs/dcache.c linux-2.5.63-bk3-d_validate/fs/dcache.c
> > --- linux-2.5.63-bk3/fs/dcache.c 2003-02-28 12:06:09.000000000 +0530
> > +++ linux-2.5.63-bk3-d_validate/fs/dcache.c 2003-02-28 12:16:30.000000000 +0530
> > @@ -1056,7 +1056,7 @@
> > * as it is parsed under dcache_lock
> > */
> > if (dentry == list_entry(lhp, struct dentry, d_hash)) {
> > - dget(dentry);
> > + __dget_locked(dentry);
> > spin_unlock(&dcache_lock);
> > return 1;
>
> Is this correct? If smbfs is playing around with dentries which are on
> dentry_unused and which have a zero refcount then these can be freed up at
> any time. The filesystem should have taken a ref on the dentry to prevent it
> from being scavenged.
> Isn't the bug over in smb_fill_cache(), which does:
>
> newdent = d_lookup(...);
> ...
> ctl.cache->dentry[ctl.idx] = newdent;
> ...
> dput(newdent);
>
> I suspect we need to take an extra ref on the dentry when it is copied to the
> cache, and put that ref back when smb_readdir() has finished using the dentry
> (it looks like it's already doing that).
>
> If so, the same problem is present in 2.4, but nobody noticed because 2.4 is
> already using __dget_locked() and escapes the BUG check.
ref is taken in d_validate, which is called before using the smbfs cached
dentry. It is this ref which is taken back in smb_readdir().
I am not sure when it is proper to take the extra ref that is either when
dentry is introduced in the smbfs cache or when it is read from the cache.
Maneesh
--
Maneesh Soni
IBM Linux Technology Center,
IBM India Software Lab, Bangalore.
Phone: +91-80-5044999 email: maneesh@in.ibm.com
http://lse.sourceforge.net/
next prev parent reply other threads:[~2003-02-28 8:52 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-02-26 11:37 kernel Ooops (2.5.63 bk latest) Zilvinas Valinskas
2003-02-28 7:09 ` Maneesh Soni
2003-02-28 7:34 ` Andrew Morton
2003-02-28 9:15 ` Maneesh Soni [this message]
2003-02-28 9:39 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030228091535.GE11135@in.ibm.com \
--to=maneesh@in.ibm.com \
--cc=akpm@digeo.com \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@transmeta.com \
--cc=zilvinas@gemtek.lt \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.