fs: Detect API misuse of i_op->lookup

Message ID	1422223060-8561-1-git-send-email-richard@nod.at (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-fsdevel-owner@kernel.org> From: Richard Weinberger <richard@nod.at> To: viro@zeniv.linux.org.uk Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Richard Weinberger <richard@nod.at> Subject: [PATCH] fs: Detect API misuse of i_op->lookup Date: Sun, 25 Jan 2015 22:57:40 +0100 Message-Id: <1422223060-8561-1-git-send-email-richard@nod.at> Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk

Message ID

1422223060-8561-1-git-send-email-richard@nod.at (mailing list archive)

State

New, archived

Headers

From: Richard Weinberger <richard@nod.at>
To: viro@zeniv.linux.org.uk
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	Richard Weinberger <richard@nod.at>
Subject: [PATCH] fs: Detect API misuse of i_op->lookup
Date: Sun, 25 Jan 2015 22:57:40 +0100
Message-Id: <1422223060-8561-1-git-send-email-richard@nod.at>
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk

Commit Message

Richard Weinberger Jan. 25, 2015, 9:57 p.m. UTC

Hunting down a refcount issue in an out-of-tree filesystem uncovered
that its lookup function directly returned the dentry which was passed to it.
Add a BUG_ON() to detect such misuse in future.

Signed-off-by: Richard Weinberger <richard@nod.at>
---
 fs/namei.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Al Viro Jan. 25, 2015, 10:16 p.m. UTC | #1

On Sun, Jan 25, 2015 at 10:57:40PM +0100, Richard Weinberger wrote:
> Hunting down a refcount issue in an out-of-tree filesystem uncovered
> that its lookup function directly returned the dentry which was passed to it.
> Add a BUG_ON() to detect such misuse in future.

In principle, it's not a bug.  You *must* grab a reference to dentry before
returning it, but you can very well decide to return the one you've got -
any place where have ->lookup() return NULL has every right to become
return dget(dentry).
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Richard Weinberger Jan. 25, 2015, 10:20 p.m. UTC | #2

Am 25.01.2015 um 23:16 schrieb Al Viro:
> On Sun, Jan 25, 2015 at 10:57:40PM +0100, Richard Weinberger wrote:
>> Hunting down a refcount issue in an out-of-tree filesystem uncovered
>> that its lookup function directly returned the dentry which was passed to it.
>> Add a BUG_ON() to detect such misuse in future.
> 
> In principle, it's not a bug.  You *must* grab a reference to dentry before
> returning it, but you can very well decide to return the one you've got -
> any place where have ->lookup() return NULL has every right to become
> return dget(dentry).

Thanks for the clarification! The filesystem in question did of course
not grab a reference before returning the same dentry.

Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/fs/namei.c b/fs/namei.c
index bc35b02..f8ccae6 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1370,6 +1370,7 @@  static struct dentry *lookup_real(struct inode *dir, struct dentry *dentry,
 
 	old = dir->i_op->lookup(dir, dentry, flags);
 	if (unlikely(old)) {
+		BUG_ON(old == dentry);
 		dput(dentry);
 		dentry = old;
 	}

fs: Detect API misuse of i_op->lookup

Commit Message

Comments

Patch