• Al Viro's avatar
    fix d_walk()/non-delayed __d_free() race · cb3a638b
    Al Viro authored
    commit 3d56c25e upstream.
    
    Ascend-to-parent logics in d_walk() depends on all encountered child
    dentries not getting freed without an RCU delay.  Unfortunately, in
    quite a few cases it is not true, with hard-to-hit oopsable race as
    the result.
    
    Fortunately, the fix is simiple; right now the rule is "if it ever
    been hashed, freeing must be delayed" and changing it to "if it
    ever had a parent, freeing must be delayed" closes that hole and
    covers all cases the old rule used to cover.  Moreover, pipes and
    sockets remain _not_ covered, so we do not introduce RCU delay in
    the cases which are the reason for having that delay conditional
    in the first place.
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    [bwh: Backported to 3.16:
     - Adjust context
     - Also set the flag in __d_materialise_dentry())]
    Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
    cb3a638b
dcache.c 87.9 KB