Commit 1a4022f8 authored May 21, 2011 by Erez Zadok Committed by Linus Torvalds May 21, 2011

VFS: move BUG_ON test for symlink nd->depth after current->link_count test



This solves a serious VFS-level bug in nested_symlink (which was
rewritten from do_follow_link), and follows the order of depth tests
that existed before.

The bug triggers a BUG_ON in fs/namei.c:1381, when running racer with
symlink and rename ops.

Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu>
Acked-by: Miklos Szeredi <mszeredi@suse.cz>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 05249755

fs/namei.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1378,12 +1378,12 @@ static inline int nested_symlink(struct path path, struct nameidata nd)
		{
		int res;

		BUG_ON(nd->depth >= MAX_NESTED_LINKS);
		if (unlikely(current->link_count >= MAX_NESTED_LINKS)) {
		path_put_conditional(path, nd);
		path_put(&nd->path);
		return -ELOOP;
		}
		BUG_ON(nd->depth >= MAX_NESTED_LINKS);

		nd->depth++;
		current->link_count++;