OK, here comes a patch series that hopefully should close all
too-early-mntput() races in fs/namei.c. Entire area is convoluted as hell, so
I'm splitting that series into _very_ small chunks.
Patches alread in the tree close only (very wide) races in following symlinks
(see "busy inodes after umount" thread some time ago). Unfortunately, quite a
few narrower races of the same nature were not closed. Hopefully this should
take care of all of them.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+struct path {
+ struct vfsmount *mnt;
+ struct dentry *dentry;
+};
+
static inline int __do_follow_link(struct dentry *dentry, struct nameidata *nd)
{
int error;
static inline int __do_follow_link(struct dentry *dentry, struct nameidata *nd)
{
int error;
* Without that kind of total limit, nasty chains of consecutive
* symlinks can cause almost arbitrarily long lookups.
*/
* Without that kind of total limit, nasty chains of consecutive
* symlinks can cause almost arbitrarily long lookups.
*/
-static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd)
+static inline int do_follow_link(struct path *path, struct nameidata *nd)
{
int err = -ELOOP;
if (current->link_count >= MAX_NESTED_LINKS)
{
int err = -ELOOP;
if (current->link_count >= MAX_NESTED_LINKS)
goto loop;
BUG_ON(nd->depth >= MAX_NESTED_LINKS);
cond_resched();
goto loop;
BUG_ON(nd->depth >= MAX_NESTED_LINKS);
cond_resched();
- err = security_inode_follow_link(dentry, nd);
+ err = security_inode_follow_link(path->dentry, nd);
if (err)
goto loop;
current->link_count++;
current->total_link_count++;
nd->depth++;
if (err)
goto loop;
current->link_count++;
current->total_link_count++;
nd->depth++;
- err = __do_follow_link(dentry, nd);
+ err = __do_follow_link(path->dentry, nd);
current->link_count--;
nd->depth--;
return err;
current->link_count--;
nd->depth--;
return err;
follow_mount(mnt, dentry);
}
follow_mount(mnt, dentry);
}
-struct path {
- struct vfsmount *mnt;
- struct dentry *dentry;
-};
-
/*
* It's more convoluted than I'd like it to be, but... it's still fairly
* small and for now I'd prefer to have fast path as straight as possible.
/*
* It's more convoluted than I'd like it to be, but... it's still fairly
* small and for now I'd prefer to have fast path as straight as possible.
if (inode->i_op->follow_link) {
mntget(next.mnt);
if (inode->i_op->follow_link) {
mntget(next.mnt);
- err = do_follow_link(next.dentry, nd);
+ err = do_follow_link(&next, nd);
dput(next.dentry);
mntput(next.mnt);
if (err)
dput(next.dentry);
mntput(next.mnt);
if (err)
if ((lookup_flags & LOOKUP_FOLLOW)
&& inode && inode->i_op && inode->i_op->follow_link) {
mntget(next.mnt);
if ((lookup_flags & LOOKUP_FOLLOW)
&& inode && inode->i_op && inode->i_op->follow_link) {
mntget(next.mnt);
- err = do_follow_link(next.dentry, nd);
+ err = do_follow_link(&next, nd);
dput(next.dentry);
mntput(next.mnt);
if (err)
dput(next.dentry);
mntput(next.mnt);
if (err)