be careful with nd->inode in path_init() and follow_dotdot_rcu() (4023bfc9) · Commits · e / devices / android_kernel_fairphone_FP4

fs/namei.c

+13 −2

Original line number	Diff line number	Diff line
		@@ -1142,6 +1142,7 @@ static bool __follow_mount_rcu(struct nameidata nd, struct path path,

		static int follow_dotdot_rcu(struct nameidata *nd)
		{
		struct inode *inode = nd->inode;
		if (!nd->root.mnt)
		set_root_rcu(nd);

		@@ -1155,6 +1156,7 @@ static int follow_dotdot_rcu(struct nameidata *nd)
		struct dentry *parent = old->d_parent;
		unsigned seq;

		inode = parent->d_inode;
		seq = read_seqcount_begin(&parent->d_seq);
		if (read_seqcount_retry(&old->d_seq, nd->seq))
		goto failed;
		@@ -1164,6 +1166,7 @@ static int follow_dotdot_rcu(struct nameidata *nd)
		}
		if (!follow_up_rcu(&nd->path))
		break;
		inode = nd->path.dentry->d_inode;
		nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
		}
		while (d_mountpoint(nd->path.dentry)) {
		@@ -1173,11 +1176,12 @@ static int follow_dotdot_rcu(struct nameidata *nd)
		break;
		nd->path.mnt = &mounted->mnt;
		nd->path.dentry = mounted->mnt.mnt_root;
		inode = nd->path.dentry->d_inode;
		nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
		if (read_seqretry(&mount_lock, nd->m_seq))
		goto failed;
		}
		nd->inode = nd->path.dentry->d_inode;
		nd->inode = inode;
		return 0;

		failed:
		@@ -1904,7 +1908,14 @@ static int path_init(int dfd, const char *name, unsigned int flags,
		}

		nd->inode = nd->path.dentry->d_inode;
		if (!(flags & LOOKUP_RCU))
		return 0;
		if (likely(!read_seqcount_retry(&nd->path.dentry->d_seq, nd->seq)))
		return 0;
		if (!(nd->flags & LOOKUP_ROOT))
		nd->root.mnt = NULL;
		rcu_read_unlock();
		return -ECHILD;
		}

		static inline int lookup_last(struct nameidata nd, struct path path)