From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from bombadil.infradead.org ([198.137.202.133]:43532 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751858AbeCXLff (ORCPT ); Sat, 24 Mar 2018 07:35:35 -0400 Date: Sat, 24 Mar 2018 04:35:32 -0700 From: Matthew Wilcox To: Al Viro Cc: Eric Biggers , linux-fsdevel@vger.kernel.org, John Ogness , Eric Biggers Subject: Re: [PATCH vfs/for-next] fs/dcache.c: fix NULL pointer dereference in shrink_lock_dentry() Message-ID: <20180324113532.GA11930@bombadil.infradead.org> References: <20180323230443.168482-1-ebiggers3@gmail.com> <20180324043735.GB22733@bombadil.infradead.org> <20180324045054.GL30522@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180324045054.GL30522@ZenIV.linux.org.uk> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Sat, Mar 24, 2018 at 04:50:54AM +0000, Al Viro wrote: > On Fri, Mar 23, 2018 at 09:37:35PM -0700, Matthew Wilcox wrote: > > That puts the comparison out-of-line rather than in the exit path that > > everybody uses. > > That was my first reaction as well, but... we can get there without parent > changing - just a negative dentry that got grabbed by somebody else just > as we'd been getting its ->d_lock. Moreover, this is _not_ the exit path > everyone takes - all paths reaching it go though an unlikely branch. > The common ones are actually "got all locks, everything's stable, nobody > has grabbed any references" (return true a couple of lines prior) or > "the sucker has grown references while it sat on the shrink list" as the > second (considerably more rare) option (the very first return false in > that function). Quite right. I just woke up and my brain had figured that out while I was sleeping. Thanks.