[Devel] [PATCH RHEL7 COMMIT] nfs: remove excess dput in nfs_prime_dcache

Konstantin Khorenko khorenko at virtuozzo.com
Thu Aug 11 20:14:29 MSK 2022 

The commit is pushed to "branch-rh7-3.10.0-1160.66.1.vz7.188.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.66.1.vz7.188.8
------>
commit ab16f88c858395fa8fe092056229572a61a9cfa4
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date:   Thu Aug 11 16:54:55 2022 +0300

    nfs: remove excess dput in nfs_prime_dcache
    
    Imagine code path:
    
    static
    void nfs_prime_dcache(struct dentry *parent, struct nfs_entry *entry)
    {
    ...
            dentry = d_lookup(parent, &filename); // get non-null dentry
            if (dentry != NULL) { // true
                    /* Is there a mountpoint here? If so, just exit */
                    if (!nfs_fsid_equal(&NFS_SB(dentry->d_sb)->fsid,
                                            &entry->fattr->fsid)) // false
                            goto out;
                    if (nfs_same_file(dentry, entry)) { // false
                            if (!entry->fh->size)
                                    goto out;
                            nfs_set_verifier(dentry, nfs_save_change_attribute(dir));
                            status = nfs_refresh_inode(dentry->d_inode, entry->fattr);
                            if (!status)
                                    nfs_setsecurity(dentry->d_inode, entry->fattr, entry->label);
                            goto out;
                    } else {
                            if (d_invalidate(dentry) != 0) // false
                                    goto out;
                            dput(dentry); // put dentry first time
                    }
            }
            if (!entry->fh->size) // true
                    goto out;
    ...
    out:
            dput(dentry); // put dentry second time
    }
    
    Because of this excess dput we get a crash in __put_nfs_open_context
    as ctx->dentry->inode becomes zero.
    
    Problem appeared due to bad port of [1] in RHEL.
    
    7dc72d5f7a0e ("NFS: Fix inode corruption in nfs_prime_dcache()") [1]
    
    https://jira.sw.ru/browse/PSBM-141526
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    Acked-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 fs/nfs/dir.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index bd1a419d34c71..033e653193279 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -527,7 +527,7 @@ void nfs_prime_dcache(struct dentry *parent, struct nfs_entry *entry)
 		}
 	}
 	if (!entry->fh->size)
-		goto out;
+		return;
 
 	dentry = d_alloc(parent, &filename);
 	if (dentry == NULL)

More information about the Devel mailing list