Hi!
From: Al Viro viro@zeniv.linux.org.uk
commit e72b9dd6a5f17d0fb51f16f8685f3004361e83d0 upstream.
lower_dentry can't go from positive to negative (we have it pinned), but it *can* go from negative to positive. So fetching ->d_inode into a local variable, doing a blocking allocation, checking that now ->d_inode is non-NULL and feeding the value we'd fetched earlier to a function that won't accept NULL is not a good idea.
Cc: stable@vger.kernel.org --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -345,7 +345,15 @@ static struct dentry *ecryptfs_lookup_in dentry_info->lower_path.mnt = lower_mnt; dentry_info->lower_path.dentry = lower_dentry;
- if (d_really_is_negative(lower_dentry)) {
- /*
* negative dentry can go positive under us here - its parent is not* locked. That's OK and that could happen just as we return from* ecryptfs_lookup() anyway. Just need to be careful and fetch* ->d_inode only once - it's not stable here.*/- lower_inode = READ_ONCE(lower_dentry->d_inode);
Should this use d_inode_rcu() function, to keep the abstraction provided by the header file?
Best regards, Pavel