From d870b4a191a389c661cd40aacb06981c26b5e504 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 29 Nov 2013 01:48:32 -0500 Subject: fix bogus path_put() of nd->root after some unlazy_walk() failures Failure to grab reference to parent dentry should go through the same cleanup as nd->seq mismatch. As it is, we might end up with caller thinking it needs to path_put() nd->root, with obvious nasty results once we'd hit that bug enough times to drive the refcount of root dentry all the way to zero... Signed-off-by: Al Viro --- fs/namei.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'fs') diff --git a/fs/namei.c b/fs/namei.c index 8f77a8cea28..c53d3a9547f 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -513,8 +513,7 @@ static int unlazy_walk(struct nameidata *nd, struct dentry *dentry) if (!lockref_get_not_dead(&parent->d_lockref)) { nd->path.dentry = NULL; - rcu_read_unlock(); - return -ECHILD; + goto out; } /* -- cgit v1.2.3-70-g09d2