diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2018-02-23 20:47:17 -0500 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2018-06-16 22:22:24 +0100 |
| commit | 80279158472a5e10191c8f16a32af884dd16e803 (patch) | |
| tree | 8aa748a9cef9aeefe4b39f9772b947c4b7a85b90 /net | |
| parent | 4eb6a29b257208ddb93dd80133c3fc72529849d9 (diff) | |
lock_parent() needs to recheck if dentry got __dentry_kill'ed under it
commit 3b821409632ab778d46e807516b457dfa72736ed upstream.
In case when dentry passed to lock_parent() is protected from freeing only
by the fact that it's on a shrink list and trylock of parent fails, we
could get hit by __dentry_kill() (and subsequent dentry_kill(parent))
between unlocking dentry and locking presumed parent. We need to recheck
that dentry is alive once we lock both it and parent *and* postpone
rcu_read_unlock() until after that point. Otherwise we could return
a pointer to struct dentry that already is rcu-scheduled for freeing, with
->d_lock held on it; caller's subsequent attempt to unlock it can end
up with memory corruption.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'net')
0 files changed, 0 insertions, 0 deletions