Re: [PATCH] First casuality of hlist poisoning in 2.5.70

Linus Torvalds (torvalds@transmeta.com)
Wed, 11 Jun 2003 16:50:03 -0700 (PDT)


On Wed, 11 Jun 2003, Trond Myklebust wrote:
>
> This patch removes the Oops that occurs when either the source or
> the target of a d_move() operation is unhashed. It is currently
> triggered by the NFS sillyrename code.

Cool. The thing found something!

However, I'm still a bit confused:

> - hlist_del_rcu(&dentry->d_hash);
> - hlist_add_head_rcu(&dentry->d_hash, target->d_bucket);
> + if (!hlist_unhashed(&dentry->d_hash))
> + hlist_del_rcu(&dentry->d_hash);
> + if (!hlist_unhashed(&target->d_hash)) {
> + hlist_add_head_rcu(&dentry->d_hash, target->d_bucket);
> + dentry->d_vfs_flags &= ~DCACHE_UNHASHED;
> + } else
> + dentry->d_vfs_flags |= DCACHE_UNHASHED;

Can source or target really be validly unhashed? That makes no sense,
since we just looked it up, and we've held the directory semaphores over
the whole thing.

In other words, I worry that the real bug is something else, and your
patch makes it not oops, but hides the real problem.

I'm sure you're right, but can you tell me what the sequence of events is
that validly leads to this?

Linus

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/