From 90ebe5654febe3555a2516d51d3d251226d35fdb Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 6 Jun 2005 13:35:58 -0700 Subject: [PATCH] namei fixes OK, here comes a patch series that hopefully should close all too-early-mntput() races in fs/namei.c. Entire area is convoluted as hell, so I'm splitting that series into _very_ small chunks. Patches alread in the tree close only (very wide) races in following symlinks (see "busy inodes after umount" thread some time ago). Unfortunately, quite a few narrower races of the same nature were not closed. Hopefully this should take care of all of them. Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- fs/namei.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'fs/namei.c') diff --git a/fs/namei.c b/fs/namei.c index dd78f01b6de8..abeec34e7553 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -493,6 +493,11 @@ fail: return PTR_ERR(link); } +struct path { + struct vfsmount *mnt; + struct dentry *dentry; +}; + static inline int __do_follow_link(struct dentry *dentry, struct nameidata *nd) { int error; @@ -518,7 +523,7 @@ static inline int __do_follow_link(struct dentry *dentry, struct nameidata *nd) * Without that kind of total limit, nasty chains of consecutive * symlinks can cause almost arbitrarily long lookups. */ -static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd) +static inline int do_follow_link(struct path *path, struct nameidata *nd) { int err = -ELOOP; if (current->link_count >= MAX_NESTED_LINKS) @@ -527,13 +532,13 @@ static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd) goto loop; BUG_ON(nd->depth >= MAX_NESTED_LINKS); cond_resched(); - err = security_inode_follow_link(dentry, nd); + err = security_inode_follow_link(path->dentry, nd); if (err) goto loop; current->link_count++; current->total_link_count++; nd->depth++; - err = __do_follow_link(dentry, nd); + err = __do_follow_link(path->dentry, nd); current->link_count--; nd->depth--; return err; @@ -641,11 +646,6 @@ static inline void follow_dotdot(struct vfsmount **mnt, struct dentry **dentry) follow_mount(mnt, dentry); } -struct path { - struct vfsmount *mnt; - struct dentry *dentry; -}; - /* * It's more convoluted than I'd like it to be, but... it's still fairly * small and for now I'd prefer to have fast path as straight as possible. @@ -784,7 +784,7 @@ static fastcall int __link_path_walk(const char * name, struct nameidata *nd) if (inode->i_op->follow_link) { mntget(next.mnt); - err = do_follow_link(next.dentry, nd); + err = do_follow_link(&next, nd); dput(next.dentry); mntput(next.mnt); if (err) @@ -838,7 +838,7 @@ last_component: if ((lookup_flags & LOOKUP_FOLLOW) && inode && inode->i_op && inode->i_op->follow_link) { mntget(next.mnt); - err = do_follow_link(next.dentry, nd); + err = do_follow_link(&next, nd); dput(next.dentry); mntput(next.mnt); if (err) -- cgit v1.2.1