Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

convert pstore

object creation by d_alloc_name()+d_add() in pstore_mkfile(), removal -
via normal VFS codepaths (with ->unlink() using simple_unlink()) or
in pstore_put_backend_records() via locked_recursive_removal()

Replace d_add() with d_make_persistent()+dput() - that's what really
happens there. The reference that goes into record->dentry is valid
only until the unlink (and explicitly cleared by pstore_unlink()).

Reviewed-by: Kees Cook <kees@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Al Viro eec876df 5a8993a1

+4 -3
fs/pstore/inode.c
··· 373 373 if (!dentry) 374 374 return -ENOMEM; 375 375 376 - private->dentry = dentry; 376 + private->dentry = dentry; // borrowed 377 377 private->record = record; 378 378 inode->i_size = private->total_size = size; 379 379 inode->i_private = private; ··· 382 382 inode_set_mtime_to_ts(inode, 383 383 inode_set_ctime_to_ts(inode, record->time)); 384 384 385 - d_add(dentry, no_free_ptr(inode)); 385 + d_make_persistent(dentry, no_free_ptr(inode)); 386 + dput(dentry); 386 387 387 388 list_add(&(no_free_ptr(private))->list, &records_list); 388 389 ··· 466 465 guard(mutex)(&pstore_sb_lock); 467 466 WARN_ON(pstore_sb && pstore_sb != sb); 468 467 469 - kill_litter_super(sb); 468 + kill_anon_super(sb); 470 469 pstore_sb = NULL; 471 470 472 471 guard(mutex)(&records_list_lock);
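
Review bot: The `// borrowed` comment on `private->dentry = dentry;` (new line 376, first hunk) is too terse to carry the lifetime rule that the commit message spells out. Consider a `/* ... */` comment, per kernel coding style, stating that this pointer holds no reference of its own, is valid only until unlink, and is cleared by pstore_unlink(), so a later reader of pstore_mkfile() does not need the changelog to know when it is safe to dereference.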
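
Review bot: The `dput(dentry);` added right after `d_make_persistent(dentry, no_free_ptr(inode));` (new lines 385-386, second hunk) has no comment explaining which reference it drops, and the very next statement publishes `private` on `records_list` with the borrowed pointer still stored in it. A one-line comment saying that this drops the reference taken at allocation (d_alloc_name() per the commit message) and that the dentry now lives on only because it was made persistent would make the pairing with the "borrowed" store in the first hunk obvious.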
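
Review bot: The replacement of `kill_litter_super(sb);` with `kill_anon_super(sb);` (new line 469, third hunk) is not mentioned anywhere in the commit message, which only discusses the d_add() to d_make_persistent()+dput() conversion. Please add a sentence to the changelog explaining why the superblock teardown helper changes as part of this conversion, since the two changes are not obviously connected from the diff alone.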