From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4CD1C433B4 for ; Wed, 14 Apr 2021 03:56:49 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 50EA1613BB for ; Wed, 14 Apr 2021 03:56:49 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 50EA1613BB Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=zeniv.linux.org.uk Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id A95406B0072; Tue, 13 Apr 2021 23:56:48 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9F64E6B0073; Tue, 13 Apr 2021 23:56:48 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8969E6B0074; Tue, 13 Apr 2021 23:56:48 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0007.hostedemail.com [216.40.44.7]) by kanga.kvack.org (Postfix) with ESMTP id 6CFDA6B0072 for ; Tue, 13 Apr 2021 23:56:48 -0400 (EDT) Received: from smtpin37.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id 1A93E181D863C for ; Wed, 14 Apr 2021 03:56:48 +0000 (UTC) X-FDA: 78029611296.37.C80E633 Received: from zeniv-ca.linux.org.uk (zeniv-ca.linux.org.uk [142.44.231.140]) by imf09.hostedemail.com (Postfix) with ESMTP id 9B6956000112 for ; Wed, 14 Apr 2021 03:56:44 +0000 (UTC) Received: from viro by zeniv-ca.linux.org.uk with local (Exim 4.94 #2 (Red Hat Linux)) id 1lWWdw-005Bid-Gt; Wed, 14 Apr 2021 03:56:44 +0000 Date: Wed, 14 Apr 2021 03:56:44 +0000 From: Al Viro To: Gautham Ananthakrishna Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, matthew.wilcox@oracle.com, khlebnikov@yandex-team.ru Subject: Re: [PATCH RFC 6/6] dcache: prevent flooding with negative dentries Message-ID: References: <1611235185-1685-1-git-send-email-gautham.ananthakrishna@oracle.com> <1611235185-1685-7-git-send-email-gautham.ananthakrishna@oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1611235185-1685-7-git-send-email-gautham.ananthakrishna@oracle.com> X-Rspamd-Queue-Id: 9B6956000112 X-Stat-Signature: hj4jzwhrigjo5ah59scc4guox7ekjp9p X-Rspamd-Server: rspam02 Received-SPF: none (ftp.linux.org.uk>: No applicable sender policy available) receiver=imf09; identity=mailfrom; envelope-from=""; helo=zeniv-ca.linux.org.uk; client-ip=142.44.231.140 X-HE-DKIM-Result: none/none X-HE-Tag: 1618372604-309764 X-Bogosity: Ham, tests=bogofilter, spamicity=0.001975, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, Jan 21, 2021 at 06:49:45PM +0530, Gautham Ananthakrishna wrote: > + spin_lock(&victim->d_lock); > + parent = lock_parent(victim); > + > + rcu_read_unlock(); Similar story. As soon as you hit that rcu_read_unlock(), the memory pointed to by victim might be reused. If you have hit __lock_parent(), victim->d_lock had been dropped and regained. Which means that freeing might've been already scheduled. Unlike #1/6, here you won't get memory corruption in lock_parent() itself, but... > + > + if (d_count(victim) || !d_is_negative(victim) || > + (victim->d_flags & DCACHE_REFERENCED)) { > + if (parent) > + spin_unlock(&parent->d_lock); > + spin_unlock(&victim->d_lock); ... starting from here you just might.