aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNick Piggin <npiggin@kernel.dk>2011-01-07 01:49:16 -0500
committerNick Piggin <npiggin@kernel.dk>2011-01-07 01:50:16 -0500
commit786a5e15b613a9cee4fc9139fc3113a5ab0fde79 (patch)
tree0c0100945f74ad1d68b9b546e1929cfcb67e9095
parentd3a23e1678a5827c38ed8a465ad91d65e59fa911 (diff)
fs: d_validate fixes
d_validate has been broken for a long time. kmem_ptr_validate does not guarantee that a pointer can be dereferenced if it can go away at any time. Even rcu_read_lock doesn't help, because the pointer might be queued in RCU callbacks but not executed yet. So the parent cannot be checked, nor the name hashed. The dentry pointer can not be touched until it can be verified under lock. Hashing simply cannot be used. Instead, verify the parent/child relationship by traversing parent's d_child list. It's slow, but only ncpfs and the destaged smbfs care about it, at this point. Signed-off-by: Nick Piggin <npiggin@kernel.dk>
-rw-r--r--fs/dcache.c25
1 files changed, 7 insertions, 18 deletions
diff --git a/fs/dcache.c b/fs/dcache.c
index cc2b93802179..9d1a59dfda0b 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1483,41 +1483,30 @@ out:
1483} 1483}
1484 1484
1485/** 1485/**
1486 * d_validate - verify dentry provided from insecure source 1486 * d_validate - verify dentry provided from insecure source (deprecated)
1487 * @dentry: The dentry alleged to be valid child of @dparent 1487 * @dentry: The dentry alleged to be valid child of @dparent
1488 * @dparent: The parent dentry (known to be valid) 1488 * @dparent: The parent dentry (known to be valid)
1489 * 1489 *
1490 * An insecure source has sent us a dentry, here we verify it and dget() it. 1490 * An insecure source has sent us a dentry, here we verify it and dget() it.
1491 * This is used by ncpfs in its readdir implementation. 1491 * This is used by ncpfs in its readdir implementation.
1492 * Zero is returned in the dentry is invalid. 1492 * Zero is returned in the dentry is invalid.
1493 *
1494 * This function is slow for big directories, and deprecated, do not use it.
1493 */ 1495 */
1494
1495int d_validate(struct dentry *dentry, struct dentry *dparent) 1496int d_validate(struct dentry *dentry, struct dentry *dparent)
1496{ 1497{
1497 struct hlist_head *base; 1498 struct dentry *child;
1498 struct hlist_node *lhp;
1499
1500 /* Check whether the ptr might be valid at all.. */
1501 if (!kmem_ptr_validate(dentry_cache, dentry))
1502 goto out;
1503
1504 if (dentry->d_parent != dparent)
1505 goto out;
1506 1499
1507 spin_lock(&dcache_lock); 1500 spin_lock(&dcache_lock);
1508 base = d_hash(dparent, dentry->d_name.hash); 1501 list_for_each_entry(child, &dparent->d_subdirs, d_u.d_child) {
1509 hlist_for_each(lhp,base) { 1502 if (dentry == child) {
1510 /* hlist_for_each_entry_rcu() not required for d_hash list
1511 * as it is parsed under dcache_lock
1512 */
1513 if (dentry == hlist_entry(lhp, struct dentry, d_hash)) {
1514 __dget_locked(dentry); 1503 __dget_locked(dentry);
1515 spin_unlock(&dcache_lock); 1504 spin_unlock(&dcache_lock);
1516 return 1; 1505 return 1;
1517 } 1506 }
1518 } 1507 }
1519 spin_unlock(&dcache_lock); 1508 spin_unlock(&dcache_lock);
1520out: 1509
1521 return 0; 1510 return 0;
1522} 1511}
1523EXPORT_SYMBOL(d_validate); 1512EXPORT_SYMBOL(d_validate);