Re: [PATCH v2] ovl: fix dentry leak in ovl_get_redirect

From: Al Viro
Date: Mon Dec 21 2020 - 01:27:49 EST


On Sun, Dec 20, 2020 at 08:09:27PM +0800, Liangyan wrote:

> +++ b/fs/overlayfs/dir.c
> @@ -973,6 +973,7 @@ static char *ovl_get_redirect(struct dentry *dentry, bool abs_redirect)
> for (d = dget(dentry); !IS_ROOT(d);) {
> const char *name;
> int thislen;
> + struct dentry *parent = NULL;
>
> spin_lock(&d->d_lock);
> name = ovl_dentry_get_redirect(d);
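Review bot: The `= NULL` initialiser on the new `struct dentry *parent` declaration looks redundant, because the only use visible in this patch (the following hunk) assigns `parent = d->d_parent;` before any read. Declaring it as `struct dentry *parent;` keeps the compiler's uninitialised-use warning available if a later edit adds a path that reads it before assignment, whereas the NULL default would turn such a mistake into a silent NULL dereference under `d->d_lock`. The lines between the two hunks are not shown, so this assumes they do not reference `parent`; the loop body of ovl_get_redirect continues outside the hunk.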
> @@ -992,7 +993,22 @@ static char *ovl_get_redirect(struct dentry *dentry, bool abs_redirect)
>
> buflen -= thislen;
> memcpy(&buf[buflen], name, thislen);
> - tmp = dget_dlock(d->d_parent);
> + parent = d->d_parent;
> + if (unlikely(!spin_trylock(&parent->d_lock))) {
> + rcu_read_lock();
> + spin_unlock(&d->d_lock);
> +again:
> + parent = READ_ONCE(d->d_parent);
> + spin_lock(&parent->d_lock);
> + if (unlikely(parent != d->d_parent)) {
> + spin_unlock(&parent->d_lock);
> + goto again;
> + }
> + rcu_read_unlock();
> + spin_lock_nested(&d->d_lock, DENTRY_D_LOCK_NESTED);
> + }
> + tmp = dget_dlock(parent);
> + spin_unlock(&parent->d_lock);
> spin_unlock(&d->d_lock);

Yecchhhh.... What's wrong with just doing
spin_unlock(&d->d_lock);
parent = dget_parent(d);
dput(d);
d = parent;
instead of that?