Re: [PATCH] First casuality of hlist poisoning in 2.5.70

From: Linus Torvalds (
Date: Wed Jun 11 2003 - 18:50:03 EST

On Wed, 11 Jun 2003, Trond Myklebust wrote:
> This patch removes the Oops that occurs when either the source or
> the target of a d_move() operation is unhashed. It is currently
> triggered by the NFS sillyrename code.

Cool. The thing found something!

However, I'm still a bit confused:

> - hlist_del_rcu(&dentry->d_hash);
> - hlist_add_head_rcu(&dentry->d_hash, target->d_bucket);
> + if (!hlist_unhashed(&dentry->d_hash))
> + hlist_del_rcu(&dentry->d_hash);
> + if (!hlist_unhashed(&target->d_hash)) {
> + hlist_add_head_rcu(&dentry->d_hash, target->d_bucket);
> + dentry->d_vfs_flags &= ~DCACHE_UNHASHED;
> + } else
> + dentry->d_vfs_flags |= DCACHE_UNHASHED;

Can source or target really be validly unhashed? That makes no sense,
since we just looked it up, and we've held the directory semaphores over
the whole thing.

In other words, I worry that the real bug is something else, and your
patch makes it not oops, but hides the real problem.

I'm sure you're right, but can you tell me what the sequence of events is
that validly leads to this?


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Sun Jun 15 2003 - 22:00:30 EST