object creation by d_alloc_name()+d_add() in pstore_mkfile(), removal -
via normal VFS codepaths (with ->unlink() using simple_unlink()) or
in pstore_put_backend_records() via locked_recursive_removal()
Replace d_add() with d_make_persistent()+dput() - that's what really
happens there. The reference that goes into record->dentry is valid
only until the unlink (and explicitly cleared by pstore_unlink()).
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
fs/pstore/inode.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/fs/pstore/inode.c b/fs/pstore/inode.c
index 1a2e1185426c..bad479fbb0ff 100644
--- a/fs/pstore/inode.c
+++ b/fs/pstore/inode.c
@@ -373,7 +373,7 @@ int pstore_mkfile(struct dentry *root, struct pstore_record
*record)
if (!dentry)
return -ENOMEM;
- private->dentry = dentry;
+ private->dentry = dentry; // borrowed
private->record = record;
inode->i_size = private->total_size = size;
inode->i_private = private;
@@ -382,7 +382,8 @@ int pstore_mkfile(struct dentry *root, struct pstore_record
*record)
inode_set_mtime_to_ts(inode,
inode_set_ctime_to_ts(inode,
record->time));
- d_add(dentry, no_free_ptr(inode));
+ d_make_persistent(dentry, no_free_ptr(inode));
+ dput(dentry);
list_add(&(no_free_ptr(private))->list, &records_list);
@@ -465,7 +466,7 @@ static void pstore_kill_sb(struct super_block *sb)
guard(mutex)(&pstore_sb_lock);
WARN_ON(pstore_sb && pstore_sb != sb);
- kill_litter_super(sb);
+ kill_anon_super(sb);
pstore_sb = NULL;
guard(mutex)(&records_list_lock);
--
2.47.3
