Re: [PATCH][RFC] race in exportfs_decode_fh()

From: Linus Torvalds
Date: Sat Nov 09 2019 - 11:56:04 EST

Next message: Dmitry Osipenko: "Re: [PATCH v2] drm/tegra: Turn off and reset hardware across suspend-resume"
Previous message: Christian Brauner: "Re: For review: documentation of clone3() system call"
In reply to: Al Viro: "[PATCH][RFC] race in exportfs_decode_fh()"
Next in thread: Al Viro: "Re: [PATCH][RFC] race in exportfs_decode_fh()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Nov 8, 2019 at 7:13 PM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>
> We have derived the parent from fhandle, we have a disconnected dentry for child,
> we go look for the name. We even find it. Now, we want to look it up. And
> some bastard goes and unlinks it, just as we are trying to lock the parent.
> We do a lookup, and get a negative dentry. Then we unlock the parent... and
> some other bastard does e.g. mkdir with the same name. OK, nresult->d_inode
> is not NULL (anymore). It has fuck-all to do with the original fhandle
> (different inumber, etc.) but we happily accept it.

No arguments with your patch, although I doubt that this case has
actually ever happened in practice ;)

Linus

Next message: Dmitry Osipenko: "Re: [PATCH v2] drm/tegra: Turn off and reset hardware across suspend-resume"
Previous message: Christian Brauner: "Re: For review: documentation of clone3() system call"
In reply to: Al Viro: "[PATCH][RFC] race in exportfs_decode_fh()"
Next in thread: Al Viro: "Re: [PATCH][RFC] race in exportfs_decode_fh()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]