aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2011-02-16 11:56:55 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2011-02-16 11:56:55 -0500
commit3abb17e82f08628b59e20d8cbcb55e2204180f69 (patch)
tree890a411ebda28a9b9e6c90520429554a9e7fb95a
parent85e2efbb1db9a18d218006706d6e4fbeb0216213 (diff)
vfs: fix BUG_ON() in fs/namei.c:1461
When Al moved the nameidata_dentry_drop_rcu_maybe() call into the do_follow_link function in commit 844a391799c2 ("nothing in do_follow_link() is going to see RCU"), he mistakenly left the BUG_ON(inode != path->dentry->d_inode); behind. Which would otherwise be ok, but that BUG_ON() really needs to be _after_ dropping RCU, since the dentry isn't necessarily stable otherwise. So complete the code movement in that commit, and move the BUG_ON() into do_follow_link() too. This means that we need to pass in 'inode' as an argument (just for this one use), but that's a small thing. And eventually we may be confident enough in our path lookup that we can just remove the BUG_ON() and the unnecessary inode argument. Reported-and-tested-by: Eric Dumazet <eric.dumazet@gmail.com> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--fs/namei.c9
1 files changed, 4 insertions, 5 deletions
diff --git a/fs/namei.c b/fs/namei.c
index 9e701e28a329..0087cf9c2c6b 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -795,7 +795,7 @@ __do_follow_link(const struct path *link, struct nameidata *nd, void **p)
795 * Without that kind of total limit, nasty chains of consecutive 795 * Without that kind of total limit, nasty chains of consecutive
796 * symlinks can cause almost arbitrarily long lookups. 796 * symlinks can cause almost arbitrarily long lookups.
797 */ 797 */
798static inline int do_follow_link(struct path *path, struct nameidata *nd) 798static inline int do_follow_link(struct inode *inode, struct path *path, struct nameidata *nd)
799{ 799{
800 void *cookie; 800 void *cookie;
801 int err = -ELOOP; 801 int err = -ELOOP;
@@ -803,6 +803,7 @@ static inline int do_follow_link(struct path *path, struct nameidata *nd)
803 /* We drop rcu-walk here */ 803 /* We drop rcu-walk here */
804 if (nameidata_dentry_drop_rcu_maybe(nd, path->dentry)) 804 if (nameidata_dentry_drop_rcu_maybe(nd, path->dentry))
805 return -ECHILD; 805 return -ECHILD;
806 BUG_ON(inode != path->dentry->d_inode);
806 807
807 if (current->link_count >= MAX_NESTED_LINKS) 808 if (current->link_count >= MAX_NESTED_LINKS)
808 goto loop; 809 goto loop;
@@ -1413,8 +1414,7 @@ exec_again:
1413 goto out_dput; 1414 goto out_dput;
1414 1415
1415 if (inode->i_op->follow_link) { 1416 if (inode->i_op->follow_link) {
1416 BUG_ON(inode != next.dentry->d_inode); 1417 err = do_follow_link(inode, &next, nd);
1417 err = do_follow_link(&next, nd);
1418 if (err) 1418 if (err)
1419 goto return_err; 1419 goto return_err;
1420 nd->inode = nd->path.dentry->d_inode; 1420 nd->inode = nd->path.dentry->d_inode;
@@ -1458,8 +1458,7 @@ last_component:
1458 break; 1458 break;
1459 if (inode && unlikely(inode->i_op->follow_link) && 1459 if (inode && unlikely(inode->i_op->follow_link) &&
1460 (lookup_flags & LOOKUP_FOLLOW)) { 1460 (lookup_flags & LOOKUP_FOLLOW)) {
1461 BUG_ON(inode != next.dentry->d_inode); 1461 err = do_follow_link(inode, &next, nd);
1462 err = do_follow_link(&next, nd);
1463 if (err) 1462 if (err)
1464 goto return_err; 1463 goto return_err;
1465 nd->inode = nd->path.dentry->d_inode; 1464 nd->inode = nd->path.dentry->d_inode;