From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jeff Moyer <jmoyer@redhat.com>
Subject: Re: [autofs] [RFC PATCH]autofs4: hang and proposed fix
Date: Tue, 6 Dec 2005 17:37:53 -0500
Message-ID: <17302.4801.459854.80468@segfault.boston.redhat.com>
References: <438F251B.7060602@us.ibm.com>
	<Pine.LNX.4.63.0512022059350.2070@donald.themaw.net>
	<43906968.6080508@us.ibm.com>
	<Pine.LNX.4.63.0512030115310.2632@donald.themaw.net>
	<1133547148.8976.25.camel@lade.trondhjem.org>
	<20051204125612.GA28229@infradead.org>
	<20051204125740.GB28229@infradead.org>
	<Pine.LNX.4.63.0512042256380.31847@donald.themaw.net>
	<20051204171729.GA31111@infradead.org>
	<17302.157.540958.723305@segfault.boston.redhat.com>
	<20051206214033.GA31000@infradead.org>
Reply-To: jmoyer@redhat.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: Ian Kent <raven@themaw.net>,
	Trond Myklebust <trond.myklebust@fys.uio.no>,
	Will Taber <wtaber@us.ibm.com>, Ram Pai <linuxram@us.ibm.com>,
	autofs mailing list <autofs@linux.kernel.org>,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mx1.redhat.com ([66.187.233.31]:64403 "EHLO mx1.redhat.com")
	by vger.kernel.org with ESMTP id S932646AbVLFWi0 (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Tue, 6 Dec 2005 17:38:26 -0500
To: Christoph Hellwig <hch@infradead.org>
In-Reply-To: <20051206214033.GA31000@infradead.org>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

==> Regarding Re: [autofs] [RFC PATCH]autofs4: hang and proposed fix; Christoph Hellwig <hch@infradead.org> adds:

hch> On Tue, Dec 06, 2005 at 04:20:29PM -0500, Jeff Moyer wrote: No, for
hch> current TOT that can't happen.  It could happen for older kernels but
hch> nothing is doing it in the tree anymore and if anything outside is
hch> doing it it's fundamentally broken.
>> This is a bit unclear to me.  What do you mean when you refer to "it"
>> and "that" above?  Oh, and TOT is a TLA I haven't run across before.

hch> TOT = top of tree.

hch> To rephrease the above: With current mainline the nameidata argument
hch> is always valid when ->lookup or ->d_revalidate are called except when
hch> the filesystem uses lookup_one_len.  lookup_one_len is a helper for
hch> fileystem usage that is only valid to be used on the filesystems own
hch> trees.

>> We know that there is at least one out of tree module that calls
>> lookup_one_len, and ends up in the autofs4 revalidate code without the
>> valid nameidata structure.  In this case, with your patch, wouldn't we
>> blindly dereference the structure and cause an oops?  If so, who is at
>> fault?

hch> This out of tree module is wrong and always has been wrong.  Any
hch> actual breakage of such a module is expected.

Thanks for the clarification.  This was my interpretation, but I wanted to
be sure.

hch> Do you happen to know what module that is?

Well, the example originally posted was stubfs, which was purported to be a
sample fs used to show this problem.  Perhaps the original reporter can
tell us what other code does this.

-Jeff