Re: [PATCH] dcache: add extra sanity checks of the dentry in dentry_free()

[Jeff Layton]

On Wed, 2026-04-22 at 15:06 +0200, Christian Brauner wrote:
> On Wed, Apr 22, 2026 at 07:29:48AM -0400, Jeff Layton wrote:
> > If d_flags isn't what we expect, then it's good to display it. Add a new
> > DENTRY_WARN_ONCE() macro that also displays d_flags for the dentry.
> > Change D_FLAG_VERIFY() to call that instead of a generic WARN_ON_ONCE().
> > 
> > Change the existing hlist_unhashed() check in dentry_free() to use the
> > new macro, and add checks for other invariants of a dead dentry. Notably:
> > 
> > 1) Ensure that DCACHE_LRU_LIST and DCACHE_SHRINK_LIST are not set.
> > 
> > 2) Ensure that d_lockref is negative
> > 
> > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> > ---
> > While chatting with Al about this elusive UAF problem, we both noted
> > that it would be nice to know what d_flags are when these warnings pop.
> > This adds that, and checks for some other invariants in dentry_free().
> > ---
> >  fs/dcache.c | 10 ++++++++--
> >  1 file changed, 8 insertions(+), 2 deletions(-)
> > 
> > diff --git a/fs/dcache.c b/fs/dcache.c
> > index 2c61aeea41f4..210df5c0a1f0 100644
> > --- a/fs/dcache.c
> > +++ b/fs/dcache.c
> > @@ -426,9 +426,16 @@ static inline void __d_clear_type_and_inode(struct dentry *dentry)
> >  		this_cpu_inc(nr_dentry_negative);
> >  }
> >  
> > +#define DENTRY_WARN_ONCE(condition, dentry) \
> > +	WARN_ONCE((condition), "dentry=%p d_flags=0x%x\n", (dentry), (dentry)->d_flags)
> > +#define D_FLAG_VERIFY(dentry, x) \
> > +	DENTRY_WARN_ONCE(((dentry)->d_flags & (DCACHE_LRU_LIST | DCACHE_SHRINK_LIST)) != (x), (dentry))
> 
> Would be nice if we had a bunch of dentry debug assert macros in
> vfsdebug.h like we have for VFS_BUG_ON_INODE()/VFS_WARN_ON_INODE() in
> general imo.

Good point. I guess I should have called this VFS_WARN_ON_DENTRY().

There are some other existing warnings in dcache.c that could be
converted to use this too.
-- 
Jeff Layton <jlayton@xxxxxxxxxx>