Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 90dbb77b authored by Nick Piggin's avatar Nick Piggin Committed by Nick Piggin
Browse files

fs: fix dropping of rcu-walk from force_reval_path 



As J. R. Okajima noted, force_reval_path passes in the same dentry to
d_revalidate as the one in the nameidata structure (other callers pass in a
child), so the locking breaks. This can oops with a chrooted nfs mount, for
example. Similarly there can be other problems with revalidating a dentry
which is already in nameidata of the path walk.

Signed-off-by: default avatarNick Piggin <npiggin@kernel.dk>
parent bb20c18d

fs/namei.c

+8 −0
Original line number Diff line number Diff line
@@ -479,6 +479,14 @@ static int nameidata_dentry_drop_rcu(struct nameidata *nd, struct dentry *dentry 
	struct fs_struct *fs = current->fs;

	struct dentry *parent = nd->path.dentry;



	/*

	 * It can be possible to revalidate the dentry that we started

	 * the path walk with. force_reval_path may also revalidate the

	 * dentry already committed to the nameidata.

	 */

	if (unlikely(parent == dentry))

		return nameidata_drop_rcu(nd);



	BUG_ON(!(nd->flags & LOOKUP_RCU));

	if (nd->root.mnt) {

		spin_lock(&fs->lock);