Commit b3085709 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull vfs fixes from Al Viro:
 "A couple of fixes, one of them for this cycle regression..."

* tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  vfs: vfs_tmpfile: ensure O_EXCL flag is enforced
  fs: use acquire ordering in __fget_light()
parents ca66e580 406c706c
...@@ -1003,7 +1003,16 @@ static unsigned long __fget_light(unsigned int fd, fmode_t mask) ...@@ -1003,7 +1003,16 @@ static unsigned long __fget_light(unsigned int fd, fmode_t mask)
struct files_struct *files = current->files; struct files_struct *files = current->files;
struct file *file; struct file *file;
if (atomic_read(&files->count) == 1) { /*
* If another thread is concurrently calling close_fd() followed
* by put_files_struct(), we must not observe the old table
* entry combined with the new refcount - otherwise we could
* return a file that is concurrently being freed.
*
* atomic_read_acquire() pairs with atomic_dec_and_test() in
* put_files_struct().
*/
if (atomic_read_acquire(&files->count) == 1) {
file = files_lookup_fd_raw(files, fd); file = files_lookup_fd_raw(files, fd);
if (!file || unlikely(file->f_mode & mask)) if (!file || unlikely(file->f_mode & mask))
return 0; return 0;
......
...@@ -3591,6 +3591,7 @@ static int vfs_tmpfile(struct user_namespace *mnt_userns, ...@@ -3591,6 +3591,7 @@ static int vfs_tmpfile(struct user_namespace *mnt_userns,
struct inode *dir = d_inode(parentpath->dentry); struct inode *dir = d_inode(parentpath->dentry);
struct inode *inode; struct inode *inode;
int error; int error;
int open_flag = file->f_flags;
/* we want directory to be writable */ /* we want directory to be writable */
error = inode_permission(mnt_userns, dir, MAY_WRITE | MAY_EXEC); error = inode_permission(mnt_userns, dir, MAY_WRITE | MAY_EXEC);
...@@ -3613,7 +3614,7 @@ static int vfs_tmpfile(struct user_namespace *mnt_userns, ...@@ -3613,7 +3614,7 @@ static int vfs_tmpfile(struct user_namespace *mnt_userns,
if (error) if (error)
return error; return error;
inode = file_inode(file); inode = file_inode(file);
if (!(file->f_flags & O_EXCL)) { if (!(open_flag & O_EXCL)) {
spin_lock(&inode->i_lock); spin_lock(&inode->i_lock);
inode->i_state |= I_LINKABLE; inode->i_state |= I_LINKABLE;
spin_unlock(&inode->i_lock); spin_unlock(&inode->i_lock);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment