VFS: we need to set LOOKUP_JUMPED on mountpoint crossing

commit a3fbbde70a0cec017f2431e8f8de208708c76acc upstream. Mountpoint crossing is similar to following procfs symlinks - we do not get ->d_revalidate() called for dentry we have arrived at, with unpleasant consequences for NFS4. Simple way to reproduce the problem in mainline: cat >/tmp/a.c <<'EOF' #include <unistd.h> #include <fcntl.h> #include <stdio.h> main() { struct flock fl = {.l_type = F_RDLCK, .l_whence = SEEK_SET, .l_len = 1}; if (fcntl(0, F_SETLK, &fl)) perror("setlk"); } EOF cc /tmp/a.c -o /tmp/test then on nfs4: mount --bind file1 file2 /tmp/test < file1 # ok /tmp/test < file2 # spews "setlk: No locks available"... What happens is the missing call of ->d_revalidate() after mountpoint crossing and that's where NFS4 would issue OPEN request to server. The fix is simple - treat mountpoint crossing the same way we deal with following procfs-style symlinks. I.e. set LOOKUP_JUMPED... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Al Viro <viro@ZenIV.linux.org.uk> 2011-11-07 16:21:26 -0500
committer: Greg Kroah-Hartman <gregkh@suse.de> 2011-11-11 12:37:08 -0500
commit: 656460cd7714653cf60a10c79e02cbfe2d9bf732 (patch)
tree: a9eb6dd3de35c760ae5d327fd121a7e0ce78c8fb /fs/namei.c
parent: 0447f4d5654bb5d95008f16dad839104f8d0d39a (diff)
1 files changed, 15 insertions, 1 deletions
diff --git a/fs/namei.c b/fs/namei.c
index 49472a1b79e..f7593c0899d 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -910,7 +910,7 @@ static int follow_managed(struct path *path, unsigned flags)
                mntput(path->mnt);
        if (ret == -EISDIR)
                ret = 0;
-        return ret;
+        return ret < 0 ? ret : need_mntput;
 }
 int follow_down_one(struct path *path)
@@ -958,6 +958,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
                        break;
                path->mnt = mounted;
                path->dentry = mounted->mnt_root;
+                nd->flags |= LOOKUP_JUMPED;
                nd->seq = read_seqcount_begin(&path->dentry->d_seq);
                /*
                 * Update the inode too. We don't need to re-check the
@@ -1232,6 +1233,8 @@ retry:
                path_put_conditional(path, nd);
                return err;
        }
+        if (err)
+                nd->flags |= LOOKUP_JUMPED;
        *inode = path->dentry->d_inode;
        return 0;
 }
@@ -2118,6 +2121,10 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
        }
        /* create side of things */
+        /*
+         * This will *only* deal with leaving RCU mode - LOOKUP_JUMPED has been
+         * cleared when we got to the last component we are about to look up
+         */
        error = complete_walk(nd);
        if (error)
                return ERR_PTR(error);
@@ -2186,6 +2193,9 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
        if (error < 0)
                goto exit_dput;
+        if (error)
+                nd->flags |= LOOKUP_JUMPED;
        error = -ENOENT;
        if (!path->dentry->d_inode)
                goto exit_dput;
@@ -2195,6 +2205,10 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
        path_to_nameidata(path, nd);
        nd->inode = path->dentry->d_inode;
+        /* Why this, you ask?  _Now_ we might have grown LOOKUP_JUMPED... */
+        error = complete_walk(nd);
+        if (error)
+                goto exit;
        error = -EISDIR;
        if (S_ISDIR(nd->inode->i_mode))
                goto exit;
author	Al Viro <viro@ZenIV.linux.org.uk>	2011-11-07 16:21:26 -0500
committer	Greg Kroah-Hartman <gregkh@suse.de>	2011-11-11 12:37:08 -0500
commit	656460cd7714653cf60a10c79e02cbfe2d9bf732 (patch)
tree	a9eb6dd3de35c760ae5d327fd121a7e0ce78c8fb /fs/namei.c
parent	0447f4d5654bb5d95008f16dad839104f8d0d39a (diff)