Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753350AbdDKGsn (ORCPT ); Tue, 11 Apr 2017 02:48:43 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:40632 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752722AbdDKGsm (ORCPT ); Tue, 11 Apr 2017 02:48:42 -0400 Date: Tue, 11 Apr 2017 07:48:40 +0100 From: Al Viro To: Linus Torvalds Cc: Linux Kernel Mailing List , linux-fsdevel Subject: Re: [git pull] vfs fixes Message-ID: <20170411064840.GG29622@ZenIV.linux.org.uk> References: <20170409053956.GB29622@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.7.1 (2016-10-04) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 972 Lines: 25 On Mon, Apr 10, 2017 at 11:10:19PM -0700, Linus Torvalds wrote: > It looks odd because the lock part is > > if (flags & LOOKUP_RCU) > rcu_read_lock(); > > ie it's locked conditionally, and the code in between does not seem to > return every time LOOKUP_RCU is clear. > > So mind giving this a look? Is it as obviously buggy as I think it is, > or is there something I'm missing? It's more obscure than I would like, and can grow into a bug one day, but... nd_jump_root() can only return non-zero if you have LOOKUP_RCU. So without LOOKUP_RCU in flags, this if (flags & LOOKUP_RCU) rcu_read_lock(); set_root(nd); if (likely(!nd_jump_root(nd))) return s; nd->root.mnt = NULL; rcu_read_unlock(); won't get to that rcu_read_unlock() at all - it'll get zero from nd_jump_root() and proceed to return s;