On Tue, May 20, 2025 at 01:15:56AM -0400, Kent Overstreet wrote:

> +int d_casefold_enable(struct dentry *dentry, struct d_casefold_enable *e)
> +{
> +     struct dentry *root = dentry->d_sb->s_root;
> +     int ret = 0;
> +
> +     guard(mutex)(&no_casefold_dentries_lock);
> +
> +     for (struct dentry *i = dentry;
> +          i && i->d_inode->i_flags & S_NO_CASEFOLD;
> +          i = i != root ? i->d_parent : NULL) {
> +             ret = darray_push(&e->refs, i);
> +             if (ret)
> +                     goto err;
> +
> +             ret = no_casefold_dentry_get(i, ref_casefold_enable);
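
Review bot: In the `for` loop, `i` is advanced with `i->d_parent` and dereferenced as `i->d_inode->i_flags` while the only protection visible in this hunk is `guard(mutex)(&no_casefold_dentries_lock)`; nothing shown here holds a dentry reference, `d_lock` or an RCU read section across the step to the parent, so the walk relies on a mutex that the visible lines do not tie to dentry lifetime. Suggest pinning each dentry before it is used, for example by stepping up with `dget_parent()` and dropping the reference once `no_casefold_dentry_get()` has taken its own. Two smaller points in the same loop: `i->d_inode` is dereferenced without a NULL check, so the caller must guarantee a positive dentry, and `darray_push(&e->refs, i)` records `i` before `no_casefold_dentry_get()` has succeeded, so the `err` path needs to avoid putting a ref on the last entry that was never taken.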

        Beyond being fucking ugly, this is outright broken.  Lose
the timeslice (e.g. on allocation in that thing), and there's
nothing to prevent your 'i' from pointing to freed memory.
