From: Al Viro <viro@zeniv.linux.org.uk>
To: linux-fsdevel@vger.kernel.org
Cc: torvalds@linux-foundation.org, brauner@kernel.org, jack@suse.cz,
raven@themaw.net, miklos@szeredi.hu, neil@brown.name,
a.hindborg@kernel.org, linux-mm@kvack.org,
linux-efi@vger.kernel.org, ocfs2-devel@lists.linux.dev,
kees@kernel.org, rostedt@goodmis.org, gregkh@linuxfoundation.org,
linux-usb@vger.kernel.org, paul@paul-moore.com,
casey@schaufler-ca.com, linuxppc-dev@lists.ozlabs.org,
john.johansen@canonical.com, selinux@vger.kernel.org,
borntraeger@linux.ibm.com, bpf@vger.kernel.org
Subject: [PATCH v2 50/50] d_make_discardable(): warn if given a non-persistent dentry
Date: Tue, 28 Oct 2025 00:46:09 +0000 [thread overview]
Message-ID: <20251028004614.393374-51-viro@zeniv.linux.org.uk> (raw)
In-Reply-To: <20251028004614.393374-1-viro@zeniv.linux.org.uk>
At this point there are very few call chains that might lead to
d_make_discardable() on a dentry that hadn't been made persistent:
calls of simple_unlink() and simple_rmdir() in configfs and
apparmorfs.
Both filesystems do pin (part of) their contents in dcache, but
they are currently playing very unusual games with that. Converting
them to more usual patterns might be possible, but it's definitely
going to be a long series of changes in both cases.
For now the easiest solution is to have both stop using simple_unlink()
and simple_rmdir() - that allows to make d_make_discardable() warn
when given a non-persistent dentry.
Rather than giving them full-blown private copies (with calls of
d_make_discardable() replaced with dput()), let's pull the parts of
simple_unlink() and simple_rmdir() that deal with timestamps and link
counts into separate helpers (__simple_unlink() and __simple_rmdir()
resp.) and have those used by configfs and apparmorfs.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
fs/configfs/dir.c | 10 ++++++++--
fs/configfs/inode.c | 3 ++-
fs/dcache.c | 1 +
fs/libfs.c | 21 +++++++++++++++++----
include/linux/fs.h | 2 ++
security/apparmor/apparmorfs.c | 13 +++++++++----
6 files changed, 39 insertions(+), 11 deletions(-)
diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
index 81f4f06bc87e..e8f2f44012e9 100644
--- a/fs/configfs/dir.c
+++ b/fs/configfs/dir.c
@@ -400,8 +400,14 @@ static void remove_dir(struct dentry * d)
configfs_remove_dirent(d);
- if (d_really_is_positive(d))
- simple_rmdir(d_inode(parent),d);
+ if (d_really_is_positive(d)) {
+ if (likely(simple_empty(d))) {
+ __simple_rmdir(d_inode(parent),d);
+ dput(d);
+ } else {
+ pr_warn("remove_dir (%pd): attributes remain", d);
+ }
+ }
pr_debug(" o %pd removing done (%d)\n", d, d_count(d));
diff --git a/fs/configfs/inode.c b/fs/configfs/inode.c
index 1d2e3a5738d1..bcda3372e141 100644
--- a/fs/configfs/inode.c
+++ b/fs/configfs/inode.c
@@ -211,7 +211,8 @@ void configfs_drop_dentry(struct configfs_dirent * sd, struct dentry * parent)
dget_dlock(dentry);
__d_drop(dentry);
spin_unlock(&dentry->d_lock);
- simple_unlink(d_inode(parent), dentry);
+ __simple_unlink(d_inode(parent), dentry);
+ dput(dentry);
} else
spin_unlock(&dentry->d_lock);
}
diff --git a/fs/dcache.c b/fs/dcache.c
index a7fab68fb4c9..824d620bb563 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -931,6 +931,7 @@ EXPORT_SYMBOL(dput);
void d_make_discardable(struct dentry *dentry)
{
spin_lock(&dentry->d_lock);
+ WARN_ON(!(dentry->d_flags & DCACHE_PERSISTENT));
dentry->d_flags &= ~DCACHE_PERSISTENT;
dentry->d_lockref.count--;
rcu_read_lock();
diff --git a/fs/libfs.c b/fs/libfs.c
index 80f288a771e3..0aa630e7eb00 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -790,13 +790,27 @@ int simple_empty(struct dentry *dentry)
}
EXPORT_SYMBOL(simple_empty);
-int simple_unlink(struct inode *dir, struct dentry *dentry)
+void __simple_unlink(struct inode *dir, struct dentry *dentry)
{
struct inode *inode = d_inode(dentry);
inode_set_mtime_to_ts(dir,
inode_set_ctime_to_ts(dir, inode_set_ctime_current(inode)));
drop_nlink(inode);
+}
+EXPORT_SYMBOL(__simple_unlink);
+
+void __simple_rmdir(struct inode *dir, struct dentry *dentry)
+{
+ drop_nlink(d_inode(dentry));
+ __simple_unlink(dir, dentry);
+ drop_nlink(dir);
+}
+EXPORT_SYMBOL(__simple_rmdir);
+
+int simple_unlink(struct inode *dir, struct dentry *dentry)
+{
+ __simple_unlink(dir, dentry);
d_make_discardable(dentry);
return 0;
}
@@ -807,9 +821,8 @@ int simple_rmdir(struct inode *dir, struct dentry *dentry)
if (!simple_empty(dentry))
return -ENOTEMPTY;
- drop_nlink(d_inode(dentry));
- simple_unlink(dir, dentry);
- drop_nlink(dir);
+ __simple_rmdir(dir, dentry);
+ d_make_discardable(dentry);
return 0;
}
EXPORT_SYMBOL(simple_rmdir);
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 95933ceaae51..ef842adbd418 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -3621,6 +3621,8 @@ extern int simple_open(struct inode *inode, struct file *file);
extern int simple_link(struct dentry *, struct inode *, struct dentry *);
extern int simple_unlink(struct inode *, struct dentry *);
extern int simple_rmdir(struct inode *, struct dentry *);
+extern void __simple_unlink(struct inode *, struct dentry *);
+extern void __simple_rmdir(struct inode *, struct dentry *);
void simple_rename_timestamp(struct inode *old_dir, struct dentry *old_dentry,
struct inode *new_dir, struct dentry *new_dentry);
extern int simple_rename_exchange(struct inode *old_dir, struct dentry *old_dentry,
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 391a586d0557..9b9090d38ea2 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -358,10 +358,15 @@ static void aafs_remove(struct dentry *dentry)
dir = d_inode(dentry->d_parent);
inode_lock(dir);
if (simple_positive(dentry)) {
- if (d_is_dir(dentry))
- simple_rmdir(dir, dentry);
- else
- simple_unlink(dir, dentry);
+ if (d_is_dir(dentry)) {
+ if (!WARN_ON(!simple_empty(dentry))) {
+ __simple_rmdir(dir, dentry);
+ dput(dentry);
+ }
+ } else {
+ __simple_unlink(dir, dentry);
+ dput(dentry);
+ }
d_delete(dentry);
dput(dentry);
}
--
2.47.3
next prev parent reply other threads:[~2025-10-28 4:51 UTC|newest]
Thread overview: 101+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-28 0:45 [PATCH v2 00/50] tree-in-dcache stuff Al Viro
2025-10-28 0:45 ` [PATCH v2 01/50] fuse_ctl_add_conn(): fix nlink breakage in case of early failure Al Viro
2025-10-28 0:45 ` [PATCH v2 02/50] tracefs: fix a leak in eventfs_create_events_dir() Al Viro
2025-10-28 1:15 ` Steven Rostedt
2025-10-28 0:45 ` [PATCH v2 03/50] new helper: simple_remove_by_name() Al Viro
2025-10-28 0:45 ` [PATCH v2 04/50] new helper: simple_done_creating() Al Viro
2025-10-28 0:45 ` [PATCH v2 05/50] introduce a flag for explicitly marking persistently pinned dentries Al Viro
2025-10-28 0:45 ` [PATCH v2 06/50] primitives for maintaining persisitency Al Viro
2025-10-28 12:38 ` James Bottomley
2025-10-29 5:10 ` Al Viro
2025-10-29 15:25 ` James Bottomley
2025-10-28 0:45 ` [PATCH v2 07/50] convert simple_{link,unlink,rmdir,rename,fill_super}() to new primitives Al Viro
2025-10-29 14:02 ` [External] : " Mark Tinguely
2025-10-29 17:55 ` Al Viro
2025-10-28 0:45 ` [PATCH v2 08/50] convert ramfs and tmpfs Al Viro
2025-10-28 0:45 ` [PATCH v2 09/50] procfs: make /self and /thread_self dentries persistent Al Viro
2025-10-28 0:45 ` [PATCH v2 10/50] configfs, securityfs: kill_litter_super() not needed Al Viro
2025-10-28 23:58 ` Paul Moore
2025-10-29 6:18 ` Andreas Hindborg
2025-10-28 0:45 ` [PATCH v2 11/50] convert xenfs Al Viro
2025-10-28 0:45 ` [PATCH v2 12/50] convert smackfs Al Viro
2025-10-28 0:45 ` [PATCH v2 13/50] convert hugetlbfs Al Viro
2025-10-28 0:45 ` [PATCH v2 14/50] convert mqueue Al Viro
2025-10-28 0:45 ` [PATCH v2 15/50] convert bpf Al Viro
2025-10-28 0:45 ` [PATCH v2 16/50] convert dlmfs Al Viro
2025-10-28 0:45 ` [PATCH v2 17/50] convert fuse_ctl Al Viro
2025-10-28 0:45 ` [PATCH v2 18/50] convert pstore Al Viro
2025-11-04 1:43 ` Kees Cook
2025-10-28 0:45 ` [PATCH v2 19/50] convert tracefs Al Viro
2025-10-28 15:37 ` Steven Rostedt
2025-10-28 0:45 ` [PATCH v2 20/50] convert debugfs Al Viro
2025-10-28 0:45 ` [PATCH v2 21/50] debugfs: remove duplicate checks in callers of start_creating() Al Viro
2025-10-28 0:45 ` [PATCH v2 22/50] convert efivarfs Al Viro
2025-10-28 12:53 ` James Bottomley
2025-10-28 17:45 ` Al Viro
2025-10-28 21:08 ` Al Viro
2025-10-28 21:34 ` Ard Biesheuvel
2025-10-29 18:08 ` Al Viro
2025-10-29 18:26 ` Ard Biesheuvel
2025-10-29 18:57 ` James Bottomley
2025-10-29 19:37 ` Al Viro
2025-10-29 19:48 ` James Bottomley
2025-10-30 13:35 ` Ard Biesheuvel
2025-11-05 11:47 ` Christian Brauner
2025-11-05 13:09 ` James Bottomley
2025-11-05 13:16 ` Christian Brauner
2025-11-05 13:33 ` James Bottomley
2025-11-05 13:46 ` Christian Brauner
2025-11-05 14:01 ` James Bottomley
2025-11-05 15:23 ` Christian Brauner
2025-11-05 13:43 ` Christian Brauner
2025-11-09 20:40 ` Al Viro
2025-11-11 10:56 ` Christian Brauner
2025-11-19 21:15 ` [REGRESSION] " Chris Bainbridge
2025-11-25 9:00 ` Christian Brauner
2025-11-05 14:34 ` Ard Biesheuvel
2025-10-28 0:45 ` [PATCH v2 23/50] convert spufs Al Viro
2025-10-28 1:15 ` bot+bpf-ci
2025-10-28 1:33 ` Al Viro
2025-10-28 0:45 ` [PATCH v2 24/50] convert ibmasmfs Al Viro
2025-10-28 0:45 ` [PATCH v2 25/50] ibmasmfs: get rid of ibmasmfs_dir_ops Al Viro
2025-10-28 0:45 ` [PATCH v2 26/50] convert devpts Al Viro
2025-10-28 0:45 ` [PATCH v2 27/50] binderfs: use simple_start_creating() Al Viro
2025-10-28 0:45 ` [PATCH v2 28/50] binderfs_binder_ctl_create(): kill a bogus check Al Viro
2025-10-28 0:45 ` [PATCH v2 29/50] convert binderfs Al Viro
2025-10-28 0:45 ` [PATCH v2 30/50] autofs_{rmdir,unlink}: dentry->d_fsdata->dentry == dentry there Al Viro
2025-10-28 0:45 ` [PATCH v2 31/50] convert autofs Al Viro
2025-10-28 1:55 ` Al Viro
2025-10-28 5:32 ` Linus Torvalds
2025-10-28 0:45 ` [PATCH v2 32/50] convert binfmt_misc Al Viro
2025-10-28 0:45 ` [PATCH v2 33/50] selinuxfs: don't stash the dentry of /policy_capabilities Al Viro
2025-10-29 0:08 ` Paul Moore
2025-10-29 15:19 ` Stephen Smalley
2025-10-28 0:45 ` [PATCH v2 34/50] selinuxfs: new helper for attaching files to tree Al Viro
2025-10-28 23:51 ` Paul Moore
2025-10-29 15:22 ` Stephen Smalley
2025-10-28 0:45 ` [PATCH v2 35/50] convert selinuxfs Al Viro
2025-10-29 0:02 ` Paul Moore
2025-10-29 3:24 ` Al Viro
2025-10-29 14:49 ` Paul Moore
2025-10-29 15:06 ` Stephen Smalley
2025-10-28 0:45 ` [PATCH v2 36/50] functionfs: switch to simple_remove_by_name() Al Viro
2025-10-28 8:47 ` Greg KH
2025-10-28 0:45 ` [PATCH v2 37/50] convert functionfs Al Viro
2025-10-28 0:45 ` [PATCH v2 38/50] gadgetfs: switch to simple_remove_by_name() Al Viro
2025-10-28 0:45 ` [PATCH v2 39/50] convert gadgetfs Al Viro
2025-10-28 0:45 ` [PATCH v2 40/50] hypfs: don't pin dentries twice Al Viro
2025-10-28 0:46 ` [PATCH v2 41/50] hypfs: switch hypfs_create_str() to returning int Al Viro
2025-10-28 0:46 ` [PATCH v2 42/50] hypfs: swich hypfs_create_u64() " Al Viro
2025-10-28 0:46 ` [PATCH v2 43/50] convert hypfs Al Viro
2025-10-28 0:46 ` [PATCH v2 44/50] convert rpc_pipefs Al Viro
2025-10-28 0:46 ` [PATCH v2 45/50] convert nfsctl Al Viro
2025-10-28 0:46 ` [PATCH v2 46/50] convert rust_binderfs Al Viro
2025-10-28 0:46 ` [PATCH v2 47/50] get rid of kill_litter_super() Al Viro
2025-10-28 0:46 ` [PATCH v2 48/50] convert securityfs Al Viro
2025-10-29 0:10 ` Paul Moore
2025-10-28 0:46 ` [PATCH v2 49/50] kill securityfs_recursive_remove() Al Viro
2025-10-29 0:04 ` Paul Moore
2025-10-28 0:46 ` Al Viro [this message]
2025-10-28 0:59 ` [PATCH v2 00/50] tree-in-dcache stuff Al Viro
2025-10-28 5:33 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251028004614.393374-51-viro@zeniv.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=a.hindborg@kernel.org \
--cc=borntraeger@linux.ibm.com \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=casey@schaufler-ca.com \
--cc=gregkh@linuxfoundation.org \
--cc=jack@suse.cz \
--cc=john.johansen@canonical.com \
--cc=kees@kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-usb@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=miklos@szeredi.hu \
--cc=neil@brown.name \
--cc=ocfs2-devel@lists.linux.dev \
--cc=paul@paul-moore.com \
--cc=raven@themaw.net \
--cc=rostedt@goodmis.org \
--cc=selinux@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox