diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2014-09-13 21:59:43 -0400 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2014-11-05 20:27:43 +0000 |
| commit | 1a4ba51a1d7def5f36b7dec2defd3c4ab27e9fb0 (patch) | |
| tree | ed22233fafabfe265119a4a33b5a529da8e12318 /fs | |
| parent | a7caf25487f8b0d85f0fa0eb9403301f2b35c1b1 (diff) | |
be careful with nd->inode in path_init() and follow_dotdot_rcu()
commit 4023bfc9f351a7994fb6a7d515476c320f94a574 upstream.
in the former we simply check if dentry is still valid after picking
its ->d_inode; in the latter we fetch ->d_inode in the same places
where we fetch dentry and its ->d_seq, under the same checks.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/namei.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/fs/namei.c b/fs/namei.c index 032053018b8a..dea2dabc62c1 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -913,6 +913,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path, static int follow_dotdot_rcu(struct nameidata *nd) { + struct inode *inode = nd->inode; if (!nd->root.mnt) set_root_rcu(nd); @@ -926,6 +927,7 @@ static int follow_dotdot_rcu(struct nameidata *nd) struct dentry *parent = old->d_parent; unsigned seq; + inode = parent->d_inode; seq = read_seqcount_begin(&parent->d_seq); if (read_seqcount_retry(&old->d_seq, nd->seq)) goto failed; @@ -935,6 +937,7 @@ static int follow_dotdot_rcu(struct nameidata *nd) } if (!follow_up_rcu(&nd->path)) break; + inode = nd->path.dentry->d_inode; nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq); } while (d_mountpoint(nd->path.dentry)) { @@ -944,9 +947,10 @@ static int follow_dotdot_rcu(struct nameidata *nd) break; nd->path.mnt = mounted; nd->path.dentry = mounted->mnt_root; + inode = nd->path.dentry->d_inode; nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq); } - nd->inode = nd->path.dentry->d_inode; + nd->inode = inode; return 0; failed: @@ -1556,7 +1560,14 @@ static int path_init(int dfd, const char *name, unsigned int flags, } nd->inode = nd->path.dentry->d_inode; - return 0; + if (!(flags & LOOKUP_RCU)) + return 0; + if (likely(!read_seqcount_retry(&nd->path.dentry->d_seq, nd->seq))) + return 0; + if (!(nd->flags & LOOKUP_ROOT)) + nd->root.mnt = NULL; + rcu_read_unlock(); + return -ECHILD; fput_fail: fput_light(file, fput_needed); |