From mboxrd@z Thu Jan 1 00:00:00 1970 From: Al Viro Subject: Re: [PATCH] VFS: Add back check for !inode in walk_component() Date: Thu, 7 May 2015 19:13:35 +0100 Message-ID: <20150507181335.GE889@ZenIV.linux.org.uk> References: <20150507125241.4da739ac@gandalf.local.home> <20150507172834.GD889@ZenIV.linux.org.uk> <20150507133935.2d2e3181@gandalf.local.home> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: David Howells , LKML , linux-fsdevel@vger.kernel.org To: Steven Rostedt Return-path: Received: from zeniv.linux.org.uk ([195.92.253.2]:52939 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751297AbbEGSNk (ORCPT ); Thu, 7 May 2015 14:13:40 -0400 Content-Disposition: inline In-Reply-To: <20150507133935.2d2e3181@gandalf.local.home> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Thu, May 07, 2015 at 01:39:35PM -0400, Steven Rostedt wrote: > I had them printed in my previous traces. The flags were 0x200088, and > they were 0 just before the call. Not dentry->d_flags, nd->flags. Most interesting part is bit 6 in those (LOOKUP_RCU, 0x40). As for creation... I think I see what might be going on: A: finds a negative dentry, picks NULL ->d_inode from it and whatever ->d_seq it had. B: d_instantiate(): sets ->d_inode non-NULL, ->d_flags accordingly and bumps ->d_seq. A: fetches ->d_flags, sees non-negative, assumes ->d_inode is non-NULL. In reality, the last assumption should've been "->d_inode is non-NULL or we have a stale ->d_seq and will end up discarding that fscker anyway". Hmm... Smells like we ought to a) in lookup_fast() turn if (read_seqcount_retry(&dentry->d_seq, seq)) return -ECHILD; into if (unlikely(d_is_negative(dentry))) { if (read_seqcount_retry(&dentry->d_seq, seq)) return -ECHILD; else return -ENOENT; } if (read_seqcount_retry(&dentry->d_seq, seq)) return -ECHILD; and if (likely(!err)) *inode = path->dentry->d_inode; into if (likely(!err)) { *inode = path->dentry->d_inode; if (unlikely(d_is_negative(dentry))) { path_to_nameidata(path, nd); err = -ENOENT; } } b) in walk_component() and do_last():finish_lookup move the d_is_negative() checks a bit up - into the body of preceding if () in the former and just prior to the finish_lookup: in the latter. AFAICS, the rest of d_is_negative() in fs/namei.c doesn't suffer that kind of problem...