lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bf1a23fa-d9e3-3fd4-8cf5-2ed53225fe11@suse.com>
Date:   Thu, 18 Apr 2019 17:09:44 +0300
From:   Nikolay Borisov <nborisov@...e.com>
To:     Josef Bacik <josef@...icpanda.com>
Cc:     Pan Bian <bianpan2016@....com>, Chris Mason <clm@...com>,
        David Sterba <dsterba@...e.com>, linux-btrfs@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [V2] btrfs: drop inode reference count on error path



On 18.04.19 г. 17:07 ч., Josef Bacik wrote:
> On Thu, Apr 18, 2019 at 03:50:00PM +0300, Nikolay Borisov wrote:
>>
>>
>> On 18.04.19 г. 14:06 ч., Pan Bian wrote:
>>> The reference count of inode is incremented by ihold. It should be
>>> dropped if not used. However, the reference count is not dropped if
>>> error occurs during updating the inode or deleting orphan items. This
>>> patch fixes the bug.
>>>
>>> Signed-off-by: Pan Bian <bianpan2016@....com>
>>> ---
>>> V2: move ihold just before device_initialize to make code clearer
>>> ---
>>>  fs/btrfs/inode.c | 54 +++++++++++++++++++++++++-----------------------------
>>>  1 file changed, 25 insertions(+), 29 deletions(-)
>>>
>>> diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
>>> index 82fdda8..d6630df 100644
>>> --- a/fs/btrfs/inode.c
>>> +++ b/fs/btrfs/inode.c
>>> @@ -6579,7 +6579,7 @@ static int btrfs_link(struct dentry *old_dentry, struct inode *dir,
>>>  	struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb);
>>>  	u64 index;
>>>  	int err;
>>> -	int drop_inode = 0;
>>> +	int log_mode;
>>>  
>>>  	/* do not allow sys_link's with other subvols of the same device */
>>>  	if (root->root_key.objectid != BTRFS_I(inode)->root->root_key.objectid)
>>> @@ -6616,41 +6616,37 @@ static int btrfs_link(struct dentry *old_dentry, struct inode *dir,
>>>  	err = btrfs_add_nondir(trans, BTRFS_I(dir), dentry, BTRFS_I(inode),
>>>  			1, index);
>>>  
>>> -	if (err) {
>>> -		drop_inode = 1;
>>> -	} else {
>>> -		struct dentry *parent = dentry->d_parent;
>>> -		int ret;
>>> +	if (err)
>>> +		goto err_link;
>>>  
>>> -		err = btrfs_update_inode(trans, root, inode);
>>> +	err = btrfs_update_inode(trans, root, inode);
>>> +	if (err)
>>> +		goto err_link;
>>> +	if (inode->i_nlink == 1) {
>>> +		/*
>>> +		 * If new hard link count is 1, it's a file created
>>> +		 * with open(2) O_TMPFILE flag.
>>> +		 */
>>> +		err = btrfs_orphan_del(trans, BTRFS_I(inode));
>>>  		if (err)
>>> -			goto fail;
>>> -		if (inode->i_nlink == 1) {
>>> -			/*
>>> -			 * If new hard link count is 1, it's a file created
>>> -			 * with open(2) O_TMPFILE flag.
>>> -			 */
>>> -			err = btrfs_orphan_del(trans, BTRFS_I(inode));
>>> -			if (err)
>>> -				goto fail;
>>> -		}
>>> -		BTRFS_I(inode)->last_link_trans = trans->transid;
>>> -		d_instantiate(dentry, inode);
>>> -		ret = btrfs_log_new_name(trans, BTRFS_I(inode), NULL, parent,
>>> -					 true, NULL);
>>> -		if (ret == BTRFS_NEED_TRANS_COMMIT) {
>>> -			err = btrfs_commit_transaction(trans);
>>> -			trans = NULL;
>>> -		}
>>> +			goto err_link;
>>> +	}
>>> +	BTRFS_I(inode)->last_link_trans = trans->transid;
>>> +	ihold(inode);
> 
> Where is the iput for this ihold?

This ihold is sort of "given" to the d_instantiate. I.e the iput happens
when the respective dentry is unhashed/removed.

> 
> Josef
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ