Re: KCSAN: data-race in __d_drop / retain_dentry

Next message: John Hubbard: "Re: [PATCH v10 12/21] gpu: nova-core: mm: Add unified page table entry wrapper enums"
Previous message: Werner Sembach: "Re: [PATCH 3/6] platform/x86: uniwill-laptop: Fix behavior of &quot;force&quot; module param"
Next in thread: Al Viro: "Re: KCSAN: data-race in __d_drop / retain_dentry"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Al Viro

Date: Wed Apr 08 2026 - 19:13:38 EST

On Wed, Mar 11, 2026 at 04:02:41PM +0800, Jianzhou Zhao wrote:

> Execution Flow & Code Context
> When a dentry receives its final decrement during a path operation (e.g., inside `dput`), its lifecycle might traverse `__dentry_kill()` leading to `__d_drop()`. Here, VFS manually eradicates the dentry from the hash list by assigning `NULL` to the internal double-linked list pointer tracker `pprev`:
> ```c
> // fs/dcache.c
> void __d_drop(struct dentry *dentry)
> {
> if (!d_unhashed(dentry)) {
> ___d_drop(dentry);
> ...
> dentry->d_hash.pprev = NULL; // <-- Plain concurrent write
> write_seqcount_invalidate(&dentry->d_seq);
> }
> }
> ```
>
> Simultaneously, another thread undergoing an optimistic lockless `dput`

Without having held the reference it's dropping?