Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / 90ebe5654febe3555a2516d51d3d251226d35fdb^! / .
commit90ebe5654febe3555a2516d51d3d251226d35fdb[log] [tgz]
authorAl Viro <viro@www.linux.org.uk>Mon Jun 06 13:35:58 2005 -0700
committerLinus Torvalds <torvalds@ppc970.osdl.org>Mon Jun 06 14:42:24 2005 -0700
tree576e1b58886329a4ea0c8a4b20416ce0dead0e51
parent4481e8eea761857367162b0957277d5524fbea63 [diff]
[PATCH] namei fixes

OK, here comes a patch series that hopefully should close all
too-early-mntput() races in fs/namei.c.  Entire area is convoluted as hell, so
I'm splitting that series into _very_ small chunks.

Patches alread in the tree close only (very wide) races in following symlinks
(see "busy inodes after umount" thread some time ago).  Unfortunately, quite a
few narrower races of the same nature were not closed.  Hopefully this should
take care of all of them.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/fs/namei.c b/fs/namei.c
index dd78f01..abeec34 100644
--- a/fs/namei.c
+++ b/fs/namei.c

@@ -493,6 +493,11 @@
 	return PTR_ERR(link);
 }
 
+struct path {
+	struct vfsmount *mnt;
+	struct dentry *dentry;
+};
+
 static inline int __do_follow_link(struct dentry *dentry, struct nameidata *nd)
 {
 	int error;
@@ -518,7 +523,7 @@
  * Without that kind of total limit, nasty chains of consecutive
  * symlinks can cause almost arbitrarily long lookups. 
  */
-static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd)
+static inline int do_follow_link(struct path *path, struct nameidata *nd)
 {
 	int err = -ELOOP;
 	if (current->link_count >= MAX_NESTED_LINKS)
@@ -527,13 +532,13 @@
 		goto loop;
 	BUG_ON(nd->depth >= MAX_NESTED_LINKS);
 	cond_resched();
-	err = security_inode_follow_link(dentry, nd);
+	err = security_inode_follow_link(path->dentry, nd);
 	if (err)
 		goto loop;
 	current->link_count++;
 	current->total_link_count++;
 	nd->depth++;
-	err = __do_follow_link(dentry, nd);
+	err = __do_follow_link(path->dentry, nd);
 	current->link_count--;
 	nd->depth--;
 	return err;
@@ -641,11 +646,6 @@
 	follow_mount(mnt, dentry);
 }
 
-struct path {
-	struct vfsmount *mnt;
-	struct dentry *dentry;
-};
-
 /*
  *  It's more convoluted than I'd like it to be, but... it's still fairly
  *  small and for now I'd prefer to have fast path as straight as possible.
@@ -784,7 +784,7 @@
 
 		if (inode->i_op->follow_link) {
 			mntget(next.mnt);
-			err = do_follow_link(next.dentry, nd);
+			err = do_follow_link(&next, nd);
 			dput(next.dentry);
 			mntput(next.mnt);
 			if (err)
@@ -838,7 +838,7 @@
 		if ((lookup_flags & LOOKUP_FOLLOW)
 		    && inode && inode->i_op && inode->i_op->follow_link) {
 			mntget(next.mnt);
-			err = do_follow_link(next.dentry, nd);
+			err = do_follow_link(&next, nd);
 			dput(next.dentry);
 			mntput(next.mnt);
 			if (err)