From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org, "stable@vger.kernel.org,
Kees Cook" <keescook@chromium.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Alexander Viro <viro@zeniv.linux.org.uk>,
"Guilherme G. Piccoli" <gpiccoli@igalia.com>,
Tony Luck <tony.luck@intel.com>,
linux-hardening@vger.kernel.org,
Robert Garcia <rob_garcia@163.com>
Subject: [PATCH 5.15 144/776] pstore: inode: Only d_invalidate() is needed
Date: Sat, 30 May 2026 17:57:38 +0200 [thread overview]
Message-ID: <20260530160244.141751549@linuxfoundation.org> (raw)
In-Reply-To: <20260530160240.228940103@linuxfoundation.org>
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kees Cook <keescook@chromium.org>
[ Upstream commit a43e0fc5e9134a46515de2f2f8d4100b74e50de3 ]
Unloading a modular pstore backend with records in pstorefs would
trigger the dput() double-drop warning:
WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410
Using the combo of d_drop()/dput() (as mentioned in
Documentation/filesystems/vfs.rst) isn't the right approach here, and
leads to the reference counting problem seen above. Use d_invalidate()
and update the code to not bother checking for error codes that can
never happen.
Suggested-by: Alexander Viro <viro@zeniv.linux.org.uk>
Fixes: 609e28bb139e ("pstore: Remove filesystem records when backend is unregistered")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Cc: "Guilherme G. Piccoli" <gpiccoli@igalia.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: linux-hardening@vger.kernel.org
[ Minor context change fixed. ]
Signed-off-by: Robert Garcia <rob_garcia@163.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/pstore/inode.c | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
--- a/fs/pstore/inode.c
+++ b/fs/pstore/inode.c
@@ -312,7 +312,6 @@ int pstore_put_backend_records(struct ps
{
struct pstore_private *pos, *tmp;
struct dentry *root;
- int rc = 0;
root = psinfo_lock_root();
if (!root)
@@ -322,11 +321,8 @@ int pstore_put_backend_records(struct ps
list_for_each_entry_safe(pos, tmp, &records_list, list) {
if (pos->record->psi == psi) {
list_del_init(&pos->list);
- rc = simple_unlink(d_inode(root), pos->dentry);
- if (WARN_ON(rc))
- break;
- d_drop(pos->dentry);
- dput(pos->dentry);
+ d_invalidate(pos->dentry);
+ simple_unlink(d_inode(root), pos->dentry);
pos->dentry = NULL;
}
}
@@ -334,7 +330,7 @@ int pstore_put_backend_records(struct ps
inode_unlock(d_inode(root));
- return rc;
+ return 0;
}
/*
parent reply other threads:[~2026-05-30 17:44 UTC|newest]
Thread overview: expand[flat|nested] mbox.gz Atom feed
[parent not found: <20260530160240.228940103@linuxfoundation.org>]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260530160244.141751549@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=gpiccoli@igalia.com \
--cc=keescook@chromium.org \
--cc=linux-hardening@vger.kernel.org \
--cc=patches@lists.linux.dev \
--cc=rob_garcia@163.com \
--cc=stable@vger.kernel.org \
--cc=tony.luck@intel.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox