Commit 90ebe565 authored by Al Viro's avatar Al Viro Committed by Linus Torvalds

[PATCH] namei fixes

OK, here comes a patch series that hopefully should close all
too-early-mntput() races in fs/namei.c.  Entire area is convoluted as hell, so
I'm splitting that series into _very_ small chunks.

Patches already in the tree close only (very wide) races in following symlinks
(see "busy inodes after umount" thread some time ago).  Unfortunately, quite a
few narrower races of the same nature were not closed.  Hopefully this should
take care of all of them.
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 4481e8ee
...@@ -493,6 +493,11 @@ static inline int __vfs_follow_link(struct nameidata *nd, const char *link) ...@@ -493,6 +493,11 @@ static inline int __vfs_follow_link(struct nameidata *nd, const char *link)
return PTR_ERR(link); return PTR_ERR(link);
} }
struct path {
struct vfsmount *mnt;
struct dentry *dentry;
};
static inline int __do_follow_link(struct dentry *dentry, struct nameidata *nd) static inline int __do_follow_link(struct dentry *dentry, struct nameidata *nd)
{ {
int error; int error;
...@@ -518,7 +523,7 @@ static inline int __do_follow_link(struct dentry *dentry, struct nameidata *nd) ...@@ -518,7 +523,7 @@ static inline int __do_follow_link(struct dentry *dentry, struct nameidata *nd)
* Without that kind of total limit, nasty chains of consecutive * Without that kind of total limit, nasty chains of consecutive
* symlinks can cause almost arbitrarily long lookups. * symlinks can cause almost arbitrarily long lookups.
*/ */
static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd) static inline int do_follow_link(struct path *path, struct nameidata *nd)
{ {
int err = -ELOOP; int err = -ELOOP;
if (current->link_count >= MAX_NESTED_LINKS) if (current->link_count >= MAX_NESTED_LINKS)
...@@ -527,13 +532,13 @@ static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd) ...@@ -527,13 +532,13 @@ static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd)
goto loop; goto loop;
BUG_ON(nd->depth >= MAX_NESTED_LINKS); BUG_ON(nd->depth >= MAX_NESTED_LINKS);
cond_resched(); cond_resched();
err = security_inode_follow_link(dentry, nd); err = security_inode_follow_link(path->dentry, nd);
if (err) if (err)
goto loop; goto loop;
current->link_count++; current->link_count++;
current->total_link_count++; current->total_link_count++;
nd->depth++; nd->depth++;
err = __do_follow_link(dentry, nd); err = __do_follow_link(path->dentry, nd);
current->link_count--; current->link_count--;
nd->depth--; nd->depth--;
return err; return err;
...@@ -641,11 +646,6 @@ static inline void follow_dotdot(struct vfsmount **mnt, struct dentry **dentry) ...@@ -641,11 +646,6 @@ static inline void follow_dotdot(struct vfsmount **mnt, struct dentry **dentry)
follow_mount(mnt, dentry); follow_mount(mnt, dentry);
} }
struct path {
struct vfsmount *mnt;
struct dentry *dentry;
};
/* /*
* It's more convoluted than I'd like it to be, but... it's still fairly * It's more convoluted than I'd like it to be, but... it's still fairly
* small and for now I'd prefer to have fast path as straight as possible. * small and for now I'd prefer to have fast path as straight as possible.
...@@ -784,7 +784,7 @@ static fastcall int __link_path_walk(const char * name, struct nameidata *nd) ...@@ -784,7 +784,7 @@ static fastcall int __link_path_walk(const char * name, struct nameidata *nd)
if (inode->i_op->follow_link) { if (inode->i_op->follow_link) {
mntget(next.mnt); mntget(next.mnt);
err = do_follow_link(next.dentry, nd); err = do_follow_link(&next, nd);
dput(next.dentry); dput(next.dentry);
mntput(next.mnt); mntput(next.mnt);
if (err) if (err)
...@@ -838,7 +838,7 @@ static fastcall int __link_path_walk(const char * name, struct nameidata *nd) ...@@ -838,7 +838,7 @@ static fastcall int __link_path_walk(const char * name, struct nameidata *nd)
if ((lookup_flags & LOOKUP_FOLLOW) if ((lookup_flags & LOOKUP_FOLLOW)
&& inode && inode->i_op && inode->i_op->follow_link) { && inode && inode->i_op && inode->i_op->follow_link) {
mntget(next.mnt); mntget(next.mnt);
err = do_follow_link(next.dentry, nd); err = do_follow_link(&next, nd);
dput(next.dentry); dput(next.dentry);
mntput(next.mnt); mntput(next.mnt);
if (err) if (err)
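Review bot: The new `struct path *path` parameter of do_follow_link() carries no stated reference-ownership contract, and in the visible lines only `path->dentry` is read while `path->mnt` is never used. Both visible call sites in __link_path_walk() take `mntget(next.mnt)` before the call and run `dput(next.dentry); mntput(next.mnt);` after it, so the function appears to borrow both references rather than consume them. Because the series exists to close too-early-mntput() races, that contract should be written into the comment block above the function, for example `* Caller holds references on path->mnt and path->dentry for the whole call; they are not dropped here.` The `loop:` label and the rest of the function body lie outside the visible hunks, so whether the error path releases anything could not be checked from this page.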