From: Al Viro <viro@zeniv.linux.org.uk>
To: Trond Myklebust <trondmy@hammerspace.com>
Cc: "anna@kernel.org" <anna@kernel.org>,
"hch@infradead.org" <hch@infradead.org>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH] NFS: Fix directory delegation verifier checks
Date: Sun, 5 Apr 2026 03:39:53 +0100 [thread overview]
Message-ID: <20260405023953.GU3836593@ZenIV> (raw)
In-Reply-To: <20260404183247.GA2798238@ZenIV>
On Sat, Apr 04, 2026 at 07:32:47PM +0100, Al Viro wrote:
> [cc to fsdevel added]
>
> On Wed, Dec 31, 2025 at 09:52:35PM +0000, Trond Myklebust wrote:
>
> > +static void nfs_clear_verifier_directory(struct inode *dir)
> > +{
> > + struct dentry *this_parent;
> > + struct dentry *dentry;
> > + struct inode *inode;
> > +
> > + if (hlist_empty(&dir->i_dentry))
> > + return;
> > + this_parent =
> > + hlist_entry(dir->i_dentry.first, struct dentry, d_u.d_alias);
> > +
> > + spin_lock(&this_parent->d_lock);
> > + nfs_unset_verifier_delegated(&this_parent->d_time);
> > + dentry = d_first_child(this_parent);
> > + hlist_for_each_entry_from(dentry, d_sib) {
> > + if (unlikely(dentry->d_flags & DCACHE_DENTRY_CURSOR))
> > + continue;
> > + inode = d_inode_rcu(dentry);
> > + if (inode &&
> > + NFS_PROTO(inode)->have_delegation(inode, FMODE_READ, 0))
> > + continue;
>
> What's to stop the inode from being freed right under you? You are *not*
> guaranteed to be holding rcu_read_lock(), unless I'm missing something
> in the call chain, so... what's going on here?
Incidentally, nfs_clear_verifier_file() doesn't need to bother with
checking for NULL dir - alias is found in ->i_dentry of inode with
->i_lock held, which means it can't have progressed through
__dentry_kill() to dropping the reference to parent. So holding
alias->d_lock (which stabilizes ->d_parent) is enough - ->d_parent
is still pinned by alias and it can't have become negative.
"Can't have progressed through __dentry_kill()" is critical here -
that's the difference from nfs_set_verifier_locked() case.
Folks, this stuff can get seriously subtle; _please_ ask around on
fsdevel if you are doing something non-trivial with it.
prev parent reply other threads:[~2026-04-05 2:36 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-19 20:13 [PATCH] NFS: Fix directory delegation verifier checks Anna Schumaker
2025-12-22 22:35 ` Christoph Hellwig
2025-12-23 1:06 ` Christoph Hellwig
2025-12-31 21:52 ` Trond Myklebust
2026-01-06 6:21 ` hch@infradead.ori
2026-01-06 18:32 ` Trond Myklebust
2026-01-07 5:23 ` hch@infradead.ori
2026-01-07 15:07 ` Trond Myklebust
2026-01-07 15:30 ` hch@infradead.ori
2026-01-08 9:23 ` hch@infradead.ori
2026-01-07 16:52 ` Anna Schumaker
2026-04-04 18:32 ` Al Viro
2026-04-04 19:07 ` Al Viro
2026-04-05 2:39 ` Al Viro [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260405023953.GU3836593@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=anna@kernel.org \
--cc=hch@infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=trondmy@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.