Techwizz/kernel-fxtec-pro1x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[PATCH] namei fixes

Browse source 
OK, here comes a patch series that hopefully should close all
too-early-mntput() races in fs/namei.c.  Entire area is convoluted as hell, so
I'm splitting that series into _very_ small chunks.

Patches alread in the tree close only (very wide) races in following symlinks
(see "busy inodes after umount" thread some time ago).  Unfortunately, quite a
few narrower races of the same nature were not closed.  Hopefully this should
take care of all of them.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Al Viro 2005-06-06 13:35:58 -07:00 committed by Linus Torvalds
parent 4481e8eea7
commit 90ebe5654f
1 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
fs/namei.c
View file

@ -493,6 +493,11 @@ static inline int __vfs_follow_link(struct nameidata *nd, const char *link)
return PTR_ERR(link);
}
struct path {
struct vfsmount *mnt;
struct dentry *dentry;
};
static inline int __do_follow_link(struct dentry *dentry, struct nameidata *nd)
{
int error;
@ -518,7 +523,7 @@ static inline int __do_follow_link(struct dentry *dentry, struct nameidata *nd)
* Without that kind of total limit, nasty chains of consecutive
* symlinks can cause almost arbitrarily long lookups.
*/
static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd)
static inline int do_follow_link(struct path *path, struct nameidata *nd)
{
int err = -ELOOP;
if (current->link_count >= MAX_NESTED_LINKS)
@ -527,13 +532,13 @@ static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd)
goto loop;
BUG_ON(nd->depth >= MAX_NESTED_LINKS);
cond_resched();
err = security_inode_follow_link(dentry, nd);
err = security_inode_follow_link(path->dentry, nd);
if (err)
goto loop;
current->link_count++;
current->total_link_count++;
nd->depth++;
err = __do_follow_link(dentry, nd);
err = __do_follow_link(path->dentry, nd);
current->link_count--;
nd->depth--;
return err;
@ -641,11 +646,6 @@ static inline void follow_dotdot(struct vfsmount **mnt, struct dentry **dentry)
follow_mount(mnt, dentry);
}
struct path {
struct vfsmount *mnt;
struct dentry *dentry;
};
/*
* It's more convoluted than I'd like it to be, but... it's still fairly
* small and for now I'd prefer to have fast path as straight as possible.
@ -784,7 +784,7 @@ static fastcall int __link_path_walk(const char * name, struct nameidata *nd)
if (inode->i_op->follow_link) {
mntget(next.mnt);
err = do_follow_link(next.dentry, nd);
err = do_follow_link(&next, nd);
dput(next.dentry);
mntput(next.mnt);
if (err)
@ -838,7 +838,7 @@ static fastcall int __link_path_walk(const char * name, struct nameidata *nd)
if ((lookup_flags & LOOKUP_FOLLOW)
&& inode && inode->i_op && inode->i_op->follow_link) {
mntget(next.mnt);
err = do_follow_link(next.dentry, nd);
err = do_follow_link(&next, nd);
dput(next.dentry);
mntput(next.mnt);
if (err)