Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1858efd4 authored by Al Viro's avatar Al Viro
Browse files

minimal fix for do_filp_open() race 



failure exits on the no-O_CREAT side of do_filp_open() merge with
those of O_CREAT one; unfortunately, if do_path_lookup() returns
-ESTALE, we'll get out_filp:, notice that we are about to return
-ESTALE without having trying to create the sucker with LOOKUP_REVAL
and jump right into the O_CREAT side of code.  And proceed to try
and create a file.  Usually that'll fail with -ESTALE again, but
we can race and get that attempt of pathname resolution to succeed.

open() without O_CREAT really shouldn't end up creating files, races
or not.  The real fix is to rearchitect the whole do_filp_open(),
but for now splitting the failure exits will do.

Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent b65a0e0c

fs/namei.c

+10 −3
Original line number Original line Diff line number Diff line
@@ -2455,22 +2455,29 @@ struct file *do_filp_open(int dfd, const char *pathname, 
	/* !O_CREAT, simple open */

	/* !O_CREAT, simple open */

	error = do_path_lookup(dfd, pathname, flags, &nd);

	error = do_path_lookup(dfd, pathname, flags, &nd);

	if (unlikely(error))

	if (unlikely(error))

		goto out_filp;

		goto out_filp2;

	error = -ELOOP;

	error = -ELOOP;

	if (!(nd.flags & LOOKUP_FOLLOW)) {

	if (!(nd.flags & LOOKUP_FOLLOW)) {

		if (nd.inode->i_op->follow_link)

		if (nd.inode->i_op->follow_link)

			goto out_path;

			goto out_path2;

	}

	}

	error = -ENOTDIR;

	error = -ENOTDIR;

	if (nd.flags & LOOKUP_DIRECTORY) {

	if (nd.flags & LOOKUP_DIRECTORY) {

		if (!nd.inode->i_op->lookup)

		if (!nd.inode->i_op->lookup)

			goto out_path;

			goto out_path2;

	}

	}

	audit_inode(pathname, nd.path.dentry);

	audit_inode(pathname, nd.path.dentry);

	filp = finish_open(&nd, open_flag, acc_mode);

	filp = finish_open(&nd, open_flag, acc_mode);

out2:

	release_open_intent(&nd);

	release_open_intent(&nd);

	return filp;

	return filp;





out_path2:

	path_put(&nd.path);

out_filp2:

	filp = ERR_PTR(error);

	goto out2;



creat:

creat:

	/* OK, have to create the file. Find the parent. */

	/* OK, have to create the file. Find the parent. */

	error = path_init_rcu(dfd, pathname,

	error = path_init_rcu(dfd, pathname,