On Fri, Jun 03, 2016 at 12:44:51AM +0000, Trond Myklebust wrote:
> That would have to be a really tight race, since the code in
> _nfs4_open_and_get_state() currently reads:
>
> d_drop(dentry);
> alias = d_exact_alias(dentry, state->inode);
> if (!alias)
> alias = d_splice_alias(igrab(state->inode), dentry);
>
> IOW: something would have to be acting between the d_drop() and
> d_splice_alias() above...
How? dentry is
* negative (it would better be, or we are _really_ fucked)
* unhashed
How does whoever's rehashing it stumble across that thing?
