Commit ba7a4c1a authored by Al Viro's avatar Al Viro Committed by Linus Torvalds

[PATCH] namei fixes (13/19)

In open_namei() exit_dput: we have mntput() done in the wrong order -
if nd->mnt != path.mnt we end up doing
	mntput(nd->mnt);
	nd->mnt = path.mnt;
	dput(nd->dentry);
	mntput(nd->mnt);
which drops nd->dentry too late.  Fixed by having path.mnt go first.
That allows to switch O_NOFOLLOW under if (__follow_mount(...)) back
to exit_dput, while we are at it.

Fix for early-mntput() race + equivalent transformation.
Signed-off-by: default avatarAl Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent a15a3f6f
......@@ -1501,11 +1501,8 @@ int open_namei(const char * pathname, int flag, int mode, struct nameidata *nd)
if (__follow_mount(&path)) {
error = -ELOOP;
if (flag & O_NOFOLLOW) {
dput(path.dentry);
mntput(path.mnt);
goto exit;
}
if (flag & O_NOFOLLOW)
goto exit_dput;
}
error = -ENOENT;
if (!path.dentry->d_inode)
......@@ -1530,8 +1527,7 @@ int open_namei(const char * pathname, int flag, int mode, struct nameidata *nd)
exit_dput:
dput(path.dentry);
if (nd->mnt != path.mnt)
mntput(nd->mnt);
nd->mnt = path.mnt;
mntput(path.mnt);
exit:
path_release(nd);
return error;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment