summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAl Viro <viro@www.linux.org.uk>2005-06-06 13:36:11 -0700
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-06-06 14:42:27 -0700
commitd9d29a29669f96903d9950bb881c2a393fd33849 (patch)
treed2e12822db98a1bf8feac9f428ba18d867771a85
parent4b7b9772e4c3d87e649d4c419d2487aacf1235aa (diff)
[PATCH] namei fixes (15/19)
Getting rid of sloppy logics: a) in do_follow_link() we have the wrong vfsmount dropped if our symlink had been mounted on something. Currently it worls only because we never get such situation (modulo filesystem playing dirty tricks on us). And it obfuscates already convoluted logics... b) same goes for open_namei(). c) in __link_path_walk() we have another "it should never happen" sloppiness - out_dput: there does double-free on underlying vfsmount and leaks the covering one if we hit it just after crossing a mountpoint. Again, wrong vfsmount getting dropped. d) another too-early-mntput() race - in do_follow_mount() we need to postpone conditional mntput(path->mnt) until after dput(path->dentry). Again, this one happens only in it-currently-never-happens-unless-some-fs-plays-dirty scenario... Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--fs/namei.c11
1 files changed, 5 insertions, 6 deletions
diff --git a/fs/namei.c b/fs/namei.c
index 411bb3243c3..6a884682b0a 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -544,15 +544,15 @@ static inline int do_follow_link(struct path *path, struct nameidata *nd)
current->total_link_count++;
nd->depth++;
if (path->mnt != nd->mnt)
- mntput(nd->mnt);
+ mntput(path->mnt);
err = __do_follow_link(path, nd);
current->link_count--;
nd->depth--;
return err;
loop:
- if (path->mnt != nd->mnt)
- mntput(nd->mnt);
dput(path->dentry);
+ if (path->mnt != nd->mnt)
+ mntput(path->mnt);
path_release(nd);
return err;
}
@@ -906,7 +906,7 @@ return_base:
out_dput:
dput(next.dentry);
if (nd->mnt != next.mnt)
- mntput(nd->mnt);
+ mntput(next.mnt);
break;
}
path_release(nd);
@@ -1551,8 +1551,7 @@ do_link:
if (error)
goto exit_dput;
if (nd->mnt != path.mnt)
- mntput(nd->mnt);
- nd->mnt = path.mnt;
+ mntput(path.mnt);
error = __do_follow_link(&path, nd);
if (error)
return error;