From mboxrd@z Thu Jan 1 00:00:00 1970
From: Greg Kroah-Hartman
Subject: Re: [RFC][PATCH] debugfs: Fix corrupted loop in debugfs_remove_recursive
Date: Thu, 12 Jun 2014 09:08:27 -0700
Message-ID: <20140612160827.GA12378@kroah.com>
References: <20140609140607.3e3aae39@gandalf.local.home> <20140612104314.GB18016@ZenIV.linux.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Steven Rostedt, LKML, linux-fsdevel@vger.kernel.org, Andrew Morton
To: Al Viro
Return-path:
Content-Disposition: inline
In-Reply-To: <20140612104314.GB18016@ZenIV.linux.org.uk>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Thu, Jun 12, 2014 at 11:43:14AM +0100, Al Viro wrote:
> On Mon, Jun 09, 2014 at 02:06:07PM -0400, Steven Rostedt wrote:
>
> > When these are called, the d_entry and inode locks need to be released
> > to call the instance creation and deletion code. That code has its own
> > accounting and locking to serialize everything to prevent multiple
> > users from causing harm. As the parent "instance" directory can not
> > be modified this simplifies things.
>
> Yecchhh... Looking at debugfs:
>
> static inline int debugfs_positive(struct dentry *dentry)
> {
>         return dentry->d_inode && !d_unhashed(dentry);
> }
>
> ...
>                 if (debugfs_positive(dentry)) {
>                         if (dentry->d_inode) {
> What the hell?
>
>         parent = dentry->d_parent;
>         if (!parent || !parent->d_inode)
>                 return;
> Huh? First of all, ->d_parent is *never* NULL. Moreover, it can't be a
> negative dentry.
>
> What's more, if debugfs_rename() is ever used for cross-directory renames,
> this tree-walker is buggered - it'll happily walk up "back" into a directory
> it has never visited...

All of that code has been there since before 2.11, I really don't remember
how I came up with it at all, sorry.

I'm working on converting debugfs to use kernfs, so all of the debugfs
mess and problems should go away soon.

thanks,

greg k-h
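
Added example, not part of the original message and not debugfs code: a userspace C model of the cross-directory rename problem raised in the quoted text. A walker that climbs by the parent pointer alone lands in a directory it never visited, while a climb that checks the parent against the directory it descended from stops instead. The struct dir type, the function names and the victim/other/sub layout are constructed for illustration.

```c
#include <stdio.h>

/* Constructed userspace model, not kernel code: a directory only knows its
 * parent, the way a dentry does through ->d_parent. */
struct dir { struct dir *parent; };

enum where { IN_VICTIM, IN_OTHER, ABORTED };

/* Model of a cross-directory rename: the directory gets a new parent. */
static void rename_into(struct dir *d, struct dir *new_parent)
{
	d->parent = new_parent;
}

/* Climb by trusting the parent pointer alone. */
static struct dir *up_by_parent(struct dir *cur)
{
	return cur->parent;
}

/* Climb using the walker's own record of where it descended from, and
 * refuse to continue if the tree changed underneath it. */
static struct dir *up_checked(struct dir *cur, struct dir *came_from)
{
	return cur->parent == came_from ? came_from : NULL;
}

/* The walker removes "victim", has descended into victim/sub and now climbs
 * back up. Reports which directory it lands in. */
static enum where walk(int checked, int rename_races)
{
	struct dir root = { &root };     /* root is its own parent, never NULL */
	struct dir victim = { &root };   /* subtree being removed */
	struct dir other = { &root };    /* outside the subtree, never visited */
	struct dir sub = { &victim };
	struct dir *next;

	if (rename_races)                /* lands while the walker holds no lock */
		rename_into(&sub, &other);
	next = checked ? up_checked(&sub, &victim) : up_by_parent(&sub);
	if (!next)
		return ABORTED;
	return next == &victim ? IN_VICTIM : IN_OTHER;
}

int main(void)
{
	printf("parent-only climb after rename lands in: %s\n",
	       walk(0, 1) == IN_OTHER ? "other" : "victim");
	return 0;
}
```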