Received: by 2002:a05:7412:2a8c:b0:e2:908c:2ebd with SMTP id u12csp3465795rdh;
        Thu, 28 Sep 2023 12:27:59 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IGlBTyCeRfYN10JccLqA5ORnJiyC5dfS0ikFjbnbKgBnaomeHLrJvr85LlyELD36Utv0rAP
X-Received: by 2002:a17:903:41c7:b0:1bd:d510:78fb with SMTP id u7-20020a17090341c700b001bdd51078fbmr3867412ple.3.1695929278804;
        Thu, 28 Sep 2023 12:27:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1695929278; cv=none;
        d=google.com; s=arc-20160816;
        b=BnSyR65ktNi5jgQiBigHldudJoJmXkP7ICKwImO255kCkmkHmP0xTUMtHaZDj7/dGR
         ibcdlfBiDozvx2Y4fZS0Fpy+qCdMao9T2MmBjgOFRhMNXI3zTngFzitFVy6fMVLGN8Hv
         1X4P0XRfO0rf/ydA7La3UosEvHzZ0f5nuOHUPcHCneLWpPRMmqOmsxsbRU9yl1S6kWLP
         gMJpMMy8xyNdbyt+ZWMPKHmc9wam8hRZNCfDF0M/YGVVBHjDs7sppb2hHaJtUYAtPhR9
         JEeZQ61ncr2F6CmAXb91gy+CRNpdIchpjL+GxP6v9/1y8HWYvOt3kLJ8FKG/rpjctFrC
         0IlQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:references:in-reply-to:subject:cc:to:from
         :dkim-signature:dkim-signature;
        bh=KvZ2+lVVGC6fG0+TRC9F7fERAgSpJyW4xAyt96q+Vxc=;
        fh=DAxWT98bcJKj2DTbwMRbXyUbDUsocGzRbbDZvMLtZnA=;
        b=neKqnz3EyHGlnq3YJ/YCHjQlVw0Lkr9e3cP6ZRXjPLEPROqtz79Rek6RPcjp9WsjS0
         tCoR+E2wwnbfUf/TwQR17Wwdu8Zz0QtqNWq65osWWHvyaH67AFVbAKHoGcUJyWvb8mkV
         nCJlTfllpwxk8Xuc6Tu6N0KyN7G3sRsuySPx6mgxO4HnSf+CdI/HNQo4CWI1G7qpPlbt
         yJeQ8aysI1jKpOibeVIkCHxqBVruyPQSjfimNpHUq8IRk6pOJKWz+92g9Pm5OYji1aNN
         CbXp6Z8YhDGoQmEN8Ac1kMGBtDFcER1lARszqhwVtZrafZ6FJK7xXcEpz3GZHlz/kMeu
         Rdjw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=ptCb4TYC;
       dkim=neutral (no key) header.i=@suse.de;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7])
        by mx.google.com with ESMTPS id w2-20020a637b02000000b00573fb2f7537si19640012pgc.586.2023.09.28.12.27.58
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 28 Sep 2023 12:27:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=ptCb4TYC;
       dkim=neutral (no key) header.i=@suse.de;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by snail.vger.email (Postfix) with ESMTP id 4A302831DBF1;
	Thu, 28 Sep 2023 08:07:01 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231696AbjI1PGs (ORCPT <rfc822;stevenley.huang@gmail.com>
        + 99 others); Thu, 28 Sep 2023 11:06:48 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59398 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231612AbjI1PGq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 28 Sep 2023 11:06:46 -0400
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 48431194;
        Thu, 28 Sep 2023 08:06:43 -0700 (PDT)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out2.suse.de (Postfix) with ESMTPS id C6AED1F45A;
        Thu, 28 Sep 2023 15:06:41 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
        t=1695913601; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=KvZ2+lVVGC6fG0+TRC9F7fERAgSpJyW4xAyt96q+Vxc=;
        b=ptCb4TYC9YIVqfS0D/JnTThCt0sxx34Ez/BPz+d/vIoTaGgsjrQt9CHdoYPmKnDl6Vmarh
        E4TWTAqwhEKcx3Mg9zxMQ/fkC/GEZFnUJc3gt0AwVkiRzV4Et26KMisDfjIUj0eEo9FEPq
        8rYjoRH1uiAzlHqCWAM6+cTZRR7IloI=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
        s=susede2_ed25519; t=1695913601;
        h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=KvZ2+lVVGC6fG0+TRC9F7fERAgSpJyW4xAyt96q+Vxc=;
        b=eZXGn5WYGpuUYBxLrc2R6x3cywtFddiSOY5dU3T2qpkP9eTjacRpEkSU0VKcnupuj1aUVM
        g+4hX5BouSriSZAw==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 5FC8E138E9;
        Thu, 28 Sep 2023 15:06:41 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id ygAfFIGWFWUkIwAAMHmgww
        (envelope-from <lhenriques@suse.de>); Thu, 28 Sep 2023 15:06:41 +0000
Received: from localhost (brahms.olymp [local])
        by brahms.olymp (OpenSMTPD) with ESMTPA id 55947dc4;
        Thu, 28 Sep 2023 15:06:40 +0000 (UTC)
From:   =?utf-8?Q?Lu=C3=ADs_Henriques?= <lhenriques@suse.de>
To:     Mateusz Guzik <mjguzik@gmail.com>
Cc:     Alexander Viro <viro@zeniv.linux.org.uk>,
        Christian Brauner <brauner@kernel.org>,
        David Howells <dhowells@redhat.com>,
        linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] fs: fix possible extra iput() in do_unlinkat()
In-Reply-To: <20230928134513.l2y3eknt2hfq3qgx@f> (Mateusz Guzik's message of
        "Thu, 28 Sep 2023 15:45:13 +0200")
References: <20230928131129.14961-1-lhenriques@suse.de>
        <20230928134513.l2y3eknt2hfq3qgx@f>
Date:   Thu, 28 Sep 2023 16:06:40 +0100
Message-ID: <878r8q1gn3.fsf@suse.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Thu, 28 Sep 2023 08:07:01 -0700 (PDT)

Mateusz Guzik <mjguzik@gmail.com> writes:

> On Thu, Sep 28, 2023 at 02:11:29PM +0100, Lu=C3=ADs Henriques wrote:
>> Because inode is being initialised before checking if dentry is negative,
>> and the ihold() is only done if the dentry is *not* negative, the cleanup
>> code may end-up doing an extra iput() on that inode.
>>=20
>> Fixes: b18825a7c8e3 ("VFS: Put a small type field into struct dentry::d_=
flags")
>> Signed-off-by: Lu=C3=ADs Henriques <lhenriques@suse.de>
>> ---
>> Hi!
>>=20
>> I was going to also remove the 'if (inode)' before the 'iput(inode)',
>> because 'iput()' already checks for NULL anyway.  But since I probably
>> wouldn't have caught this bug if it wasn't for that 'if', I decided to
>> keep it there.  But I can send v2 with that change too if you prefer.
>>=20
>> Cheers,
>> --
>> Lu=C3=ADs
>>=20
>>  fs/namei.c | 4 +---
>>  1 file changed, 1 insertion(+), 3 deletions(-)
>>=20
>> diff --git a/fs/namei.c b/fs/namei.c
>> index 567ee547492b..156a570d7831 100644
>> --- a/fs/namei.c
>> +++ b/fs/namei.c
>> @@ -4386,11 +4386,9 @@ int do_unlinkat(int dfd, struct filename *name)
>>  	if (!IS_ERR(dentry)) {
>>=20=20
>>  		/* Why not before? Because we want correct error value */
>> -		if (last.name[last.len])
>> +		if (last.name[last.len] || d_is_negative(dentry))
>>  			goto slashes;
>>  		inode =3D dentry->d_inode;
>> -		if (d_is_negative(dentry))
>> -			goto slashes;
>>  		ihold(inode);
>>  		error =3D security_path_unlink(&path, dentry);
>>  		if (error)
>
> I ran into this myself, but I'm pretty sure there is no bug here. The
> code is just incredibly misleading and it became this way from the
> sweeping change introducing d_is_negative. I could not be bothered to
> argue about patching it so I did not do anything. ;)
>
> AFAICS it is an invariant that d_is_negative passes iff d_inode is NULL.

Ah! yes, of course.  Makes sense.  Thanks for your review.

> Personally I support the patch, but commit message needs to stop
> claiming a bug.

OK, I'll rephrase the commit message for v2 so that it's clear it's not
really fixing anything, it just helps clarifying some misleading code
paths.  (Although, to be fair, the commit message doesn't really
explicitly call it a bug :-) ).

Cheers,
--=20
Lu=C3=ADs