Commit af17e1fc authored by Al Viro's avatar Al Viro Committed by Greg Kroah-Hartman

exportfs_decode_fh(): negative pinned may become positive without the parent locked

[ Upstream commit a2ece088 ]
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent dadd71d1
...@@ -517,26 +517,33 @@ struct dentry *exportfs_decode_fh(struct vfsmount *mnt, struct fid *fid, ...@@ -517,26 +517,33 @@ struct dentry *exportfs_decode_fh(struct vfsmount *mnt, struct fid *fid,
* inode is actually connected to the parent. * inode is actually connected to the parent.
*/ */
err = exportfs_get_name(mnt, target_dir, nbuf, result); err = exportfs_get_name(mnt, target_dir, nbuf, result);
if (!err) { if (err) {
inode_lock(target_dir->d_inode); dput(target_dir);
nresult = lookup_one_len(nbuf, target_dir, goto err_result;
strlen(nbuf));
inode_unlock(target_dir->d_inode);
if (!IS_ERR(nresult)) {
if (nresult->d_inode) {
dput(result);
result = nresult;
} else
dput(nresult);
}
} }
inode_lock(target_dir->d_inode);
nresult = lookup_one_len(nbuf, target_dir, strlen(nbuf));
if (!IS_ERR(nresult)) {
if (unlikely(nresult->d_inode != result->d_inode)) {
dput(nresult);
nresult = ERR_PTR(-ESTALE);
}
}
inode_unlock(target_dir->d_inode);
/* /*
* At this point we are done with the parent, but it's pinned * At this point we are done with the parent, but it's pinned
* by the child dentry anyway. * by the child dentry anyway.
*/ */
dput(target_dir); dput(target_dir);
if (IS_ERR(nresult)) {
err = PTR_ERR(nresult);
goto err_result;
}
dput(result);
result = nresult;
/* /*
* And finally make sure the dentry is actually acceptable * And finally make sure the dentry is actually acceptable
* to NFSD. * to NFSD.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment