Re: [PATCH 4/4] configfs: Correct condition for returning -EEXIST in configfs_symlink()

From: Joel Becker
Date: Tue Apr 08 2025 - 18:51:20 EST

Next message: Shuah Khan: "Re: [PATCH] selftests/futex: futex_waitv wouldblock test should fail"
Previous message: Dave Chinner: "Re: [PATCH v6 02/12] xfs: add helpers to compute log item overhead"
In reply to: Zijun Hu: "[PATCH 4/4] configfs: Correct condition for returning -EEXIST in configfs_symlink()"
Next in thread: Zijun Hu: "Re: [PATCH 4/4] configfs: Correct condition for returning -EEXIST in configfs_symlink()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 08, 2025 at 09:26:10PM +0800, Zijun Hu wrote:
> From: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>
>
> configfs_symlink() returns -EEXIST under condition d_unhashed(), but the
> condition often means the dentry does not exist.
>
> Fix by changing the condition to !d_unhashed().

I don't think this is quite right.

viro put this together in 351e5d869e5ac, which was a while ago. Read
his comment on 351e5d869e5ac. Because I unlock the parent directory to
look up the target, we can't trust our symlink dentry hasn't been
changed underneath us.

* If there is now dentry->d_inode, some other inode has been put here.
-EEXIST.
* If the dentry was unhashed, somehow the dentry we are creating was
removed from the dcache, and adding things to our dentry will at best
go nowhere, and at worst dangle in space. I'm pretty sure viro
returns -EEXIST because if this dentry is unhashed, some *other*
dentry has entered the dcache in its place (another file type,
perhaps).

If you instead check for !d_unhashed(), you're discovering our candidate
dentry is still live in the dcache, which is what we expect and want.

How did you identify this as a problem? Perhaps we need a more nuanced
check than d_unhashed() these days (for example, d_is_positive/negative
didn't exist back then).

Thanks,
Joel

PS: I enjoyed the trip down memory lane to Al reaming me quite
thoroughly for this API.

>
> Fixes: 351e5d869e5a ("configfs: fix a deadlock in configfs_symlink()")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Zijun Hu <quic_zijuhu@xxxxxxxxxxx>
> ---
> fs/configfs/symlink.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/configfs/symlink.c b/fs/configfs/symlink.c
> index 69133ec1fac2a854241c2a08a3b48c4c2e8d5c24..cccf61fb8317d739643834e1810b7f136058f56c 100644
> --- a/fs/configfs/symlink.c
> +++ b/fs/configfs/symlink.c
> @@ -193,7 +193,7 @@ int configfs_symlink(struct mnt_idmap *idmap, struct inode *dir,
> if (ret)
> goto out_put;
>
> - if (dentry->d_inode || d_unhashed(dentry))
> + if (dentry->d_inode || !d_unhashed(dentry))
> ret = -EEXIST;
> else
> ret = inode_permission(&nop_mnt_idmap, dir,
>
> --
> 2.34.1
>

--

"We will have to repent in this generation not merely for the
vitriolic words and actions of the bad people, but for the
appalling silence of the good people."
- Rev. Dr. Martin Luther King, Jr.

http://www.jlbec.org/
jlbec@xxxxxxxxxxxx

Next message: Shuah Khan: "Re: [PATCH] selftests/futex: futex_waitv wouldblock test should fail"
Previous message: Dave Chinner: "Re: [PATCH v6 02/12] xfs: add helpers to compute log item overhead"
In reply to: Zijun Hu: "[PATCH 4/4] configfs: Correct condition for returning -EEXIST in configfs_symlink()"
Next in thread: Zijun Hu: "Re: [PATCH 4/4] configfs: Correct condition for returning -EEXIST in configfs_symlink()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]