unfuck proc_sysctl ->d_compare()
a) struct inode is not going to be freed under ->d_compare(); however, the thing PROC_I(inode)->sysctl points to just might. Fortunately, it's enough to make freeing that sucker delayed, provided that we don't step on its ->unregistering, clear the pointer to it in PROC_I(inode) before dropping the reference and check if it's NULL in ->d_compare(). b) I'm not sure that we *can* walk into NULL inode here (we recheck dentry->seq between verifying that it's still hashed / fetching dentry->d_inode and passing it to ->d_compare() and there's no negative hashed dentries in /proc/sys/*), but if we can walk into that, we really should not have ->d_compare() return 0 on it! Said that, I really suspect that this check can be simply killed. Nick? Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro
@@ -27,6 +27,7 @@
|
||||
static void proc_evict_inode(struct inode *inode)
|
||||
{
|
||||
struct proc_dir_entry *de;
|
||||
struct ctl_table_header *head;
|
||||
|
||||
truncate_inode_pages(&inode->i_data, 0);
|
||||
end_writeback(inode);
|
||||
@@ -38,8 +39,11 @@ static void proc_evict_inode(struct inode *inode)
|
||||
de = PROC_I(inode)->pde;
|
||||
if (de)
|
||||
pde_put(de);
|
||||
if (PROC_I(inode)->sysctl)
|
||||
sysctl_head_put(PROC_I(inode)->sysctl);
|
||||
head = PROC_I(inode)->sysctl;
|
||||
if (head) {
|
||||
rcu_assign_pointer(PROC_I(inode)->sysctl, NULL);
|
||||
sysctl_head_put(head);
|
||||
}
|
||||
}
|
||||
|
||||
struct vfsmount *proc_mnt;
|
||||
|
||||
Reference in New Issue
Block a user