acct_on(): don't mess with freeze protection
commit 9419a3191dcb27f24478d288abaab697228d28e6 upstream. What happens there is that we are replacing file->path.mnt of a file we'd just opened with a clone and we need the write count contribution to be transferred from original mount to new one. That's it. We do *NOT* want any kind of freeze protection for the duration of switchover. IOW, we should just use __mnt_{want,drop}_write() for that switchover; no need to bother with mnt_{want,drop}_write() there. Tested-by: Amir Goldstein <amir73il@gmail.com> Reported-by: syzbot+2a73a6ea9507b7112141@syzkaller.appspotmail.com Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
7d562a90a8
commit
7c2bcb3cca
3 changed files with 4 additions and 4 deletions
|
@ -80,9 +80,7 @@ extern int sb_prepare_remount_readonly(struct super_block *);
|
|||
|
||||
extern void __init mnt_init(void);
|
||||
|
||||
extern int __mnt_want_write(struct vfsmount *);
|
||||
extern int __mnt_want_write_file(struct file *);
|
||||
extern void __mnt_drop_write(struct vfsmount *);
|
||||
extern void __mnt_drop_write_file(struct file *);
|
||||
|
||||
/*
|
||||
|
|
|
@ -86,6 +86,8 @@ extern bool mnt_may_suid(struct vfsmount *mnt);
|
|||
|
||||
struct path;
|
||||
extern struct vfsmount *clone_private_mount(const struct path *path);
|
||||
extern int __mnt_want_write(struct vfsmount *);
|
||||
extern void __mnt_drop_write(struct vfsmount *);
|
||||
|
||||
struct file_system_type;
|
||||
extern struct vfsmount *vfs_kern_mount(struct file_system_type *type,
|
||||
|
|
|
@ -227,7 +227,7 @@ static int acct_on(struct filename *pathname)
|
|||
filp_close(file, NULL);
|
||||
return PTR_ERR(internal);
|
||||
}
|
||||
err = mnt_want_write(internal);
|
||||
err = __mnt_want_write(internal);
|
||||
if (err) {
|
||||
mntput(internal);
|
||||
kfree(acct);
|
||||
|
@ -252,7 +252,7 @@ static int acct_on(struct filename *pathname)
|
|||
old = xchg(&ns->bacct, &acct->pin);
|
||||
mutex_unlock(&acct->lock);
|
||||
pin_kill(old);
|
||||
mnt_drop_write(mnt);
|
||||
__mnt_drop_write(mnt);
|
||||
mntput(mnt);
|
||||
return 0;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue