• [PATCH] namei fixes (10/19) · e13b210f
    Al Viro authored
    In open_namei(), __follow_down() loop turned into __follow_mount().
    Instead of
    	if we are on a mountpoint dentry
    		if O_NOFOLLOW checks fail
    			drop path.dentry
    			drop nd
    			return
    		do equivalent of follow_mount(&path.mnt, &path.dentry)
    		nd->mnt = path.mnt
    we do
    	if __follow_mount(path) had, indeed, traversed mountpoint
    		/* now both nd->mnt and path.mnt are pinned down */
    		if O_NOFOLLOW checks fail
    			drop path.dentry
    			drop path.mnt
    			drop nd
    			return
    		mntput(nd->mnt)
    		nd->mnt = path.mnt
    
    Now __follow_down() can be folded into follow_down() - no other callers left.
    We need to reorder dput()/mntput() there - same problem as in follow_mount().
    
    Equivalent transformation + fix for a bug in O_NOFOLLOW handling - we used to
    get -ELOOP if we had the same fs mounted on /foo and /bar, had something bound
    on /bar/baz and tried to open /foo/baz with O_NOFOLLOW.  And fix of
    too-early-mntput() race in follow_down()
    Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
namei.c 59.8 KB
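
A userspace check for the symptom the commit message describes (ELOOP from an O_NOFOLLOW open of a path whose final component is not a symlink), added here as an example; it is not part of the commit or the kernel tree. The names `check_nofollow`, `selftest` and the `NF_*` values are assumptions made for this example, and the temp-file fixture is constructed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum nofollow_result { NF_OK, NF_SYMLINK, NF_SPURIOUS_ELOOP, NF_OTHER };

/* Open path with O_NOFOLLOW. ELOOP is legitimate only when lstat() shows the
 * final component is a symlink; otherwise it is the symptom described above. */
enum nofollow_result check_nofollow(const char *path)
{
	struct stat st;
	int fd = open(path, O_RDONLY | O_NOFOLLOW);
	if (fd >= 0) {
		close(fd);
		return NF_OK;
	}
	if (errno != ELOOP || lstat(path, &st) != 0)
		return NF_OTHER;
	return S_ISLNK(st.st_mode) ? NF_SYMLINK : NF_SPURIOUS_ELOOP;
}

/* Constructed fixture: temp file and a symlink to it; want_link selects. */
enum nofollow_result selftest(int want_link)
{
	char file[] = "/tmp/nofollowXXXXXX", lnk[32];
	enum nofollow_result r = NF_OTHER;
	int fd = mkstemp(file);

	if (fd < 0)
		return NF_OTHER;
	close(fd);
	snprintf(lnk, sizeof lnk, "%s.lnk", file);
	if (symlink(file, lnk) == 0)
		r = check_nofollow(want_link ? lnk : file);
	unlink(lnk);
	unlink(file);
	return r;
}

int main(int argc, char **argv)
{
	for (int i = 1; i < argc; i++)	/* prints the enum value per path */
		printf("%s: %d\n", argv[i], check_nofollow(argv[i]));
	return selftest(0) != NF_OK || selftest(1) != NF_SYMLINK;
}
```

To test a kernel, pass it /foo/baz in the mount layout the message describes; a result of 2 (`NF_SPURIOUS_ELOOP`) is the pre-fix behaviour.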