From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Message-ID: <47819079.3000606@gmail.com> Date: Mon, 07 Jan 2008 11:37:45 +0900 From: Tejun Heo MIME-Version: 1.0 To: Al Viro References: <20071228173203.GA20690@boogie.lpds.sztaki.hu> <20080102151642.GA7273@boogie.lpds.sztaki.hu> <20080105075039.GF27894@ZenIV.linux.org.uk> <477F9481.2040505@gmail.com> <20080105194510.GK27894@ZenIV.linux.org.uk> <478037F8.8020103@gmail.com> In-Reply-To: <478037F8.8020103@gmail.com> Cc: Gabor Gombas , Greg KH , linux-kernel@vger.kernel.org, ebiederm@xmission.com, bluez-devel@lists.sf.net Subject: Re: [Bluez-devel] Oops involving RFCOMM and sysfs Reply-To: BlueZ development List-Id: BlueZ development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Sender: bluez-devel-bounces@lists.sourceforge.net Errors-To: bluez-devel-bounces@lists.sourceforge.net Hello, Tejun Heo wrote: > Al Viro wrote: >> On Sat, Jan 05, 2008 at 11:30:25PM +0900, Tejun Heo wrote: >>>> Assuming that this is what we get, everything looks explainable - we >>>> have sysfs_rename_dir() calling sysfs_get_dentry() while the parent >>>> gets evicted. We don't have any exclusion, so while we are playing >>>> silly buggers with lookups in sysfs_get_dentry() we have parent become >>>> negative; the rest is obvious... >>> That part of code is walking down the sysfs tree from the s_root of >>> sysfs hierarchy and on each step parent is held using dget() while being >>> referenced, so I don't think they can turn negative there. >> Turn? Just what stops you from getting a negative (and unhashed) from >> lookup_one_noperm() and on the next iteration being buggered on mutex_lock()? > > Right, I haven't thought about that. When sysfs_get_dentry() is called, > @sd is always valid so unless there was existing negative dentry, lookup > is guaranteed to return positive dentry, but by populating dcache with > negative dentry before a node is created, things can go wrong. I don't > think that's what's going on here tho. If that was the case, the > while() loop looking up the next sd to lookup (@cur) should have blown > up as negative dentry will have NULL d_fsdata which doesn't match any sd. > > I guess what's needed here is d_revalidate() as other distributed > filesystems do. I'll test whether this can be actually triggered and > prepare a fix. Thanks a lot for pointing out the problem. This can't happen because lookup of non-existent entry doesn't create a negative dentry. The new dentry is never hashed and killed after lookup failure, the above scenario can't happen. That said, the mechanism is a bit too fragile. sysfs currently ensures that dentry/inode point to the associated sysfs_dirent. This is mainly remanent of conversion from previous VFS based implementation. I think the right thing to do here is to make sysfs behave like other proper distributed filesystems using d_revalidate. Thanks. -- tejun ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Bluez-devel mailing list Bluez-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bluez-devel