aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorMiklos Szeredi <miklos@szeredi.hu>2006-10-17 03:10:12 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-10-17 11:18:45 -0400
commite956edd0523b6b48ed367c63b0c82d8f4c447a58 (patch)
treea45b03edfa376a769721b69211a9882fcd6f8060 /fs
parentd2a85164aaa8d514ef5efbf5d05746e85dd13ddd (diff)
[PATCH] fuse: fix dereferencing dentry parent
There's no locking for ->d_revalidate, so fuse_dentry_revalidate() should use dget_parent() instead of simply dereferencing ->d_parent. Due to topology changes in the directory tree the parent could become negative or be destroyed while being used. There hasn't been any reports about this yet. Signed-off-by: Miklos Szeredi <miklos@szeredi.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/fuse/dir.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index 9d0ef5e18740..cfc8f81e60d0 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -138,6 +138,7 @@ static int fuse_dentry_revalidate(struct dentry *entry, struct nameidata *nd)
138 struct fuse_entry_out outarg; 138 struct fuse_entry_out outarg;
139 struct fuse_conn *fc; 139 struct fuse_conn *fc;
140 struct fuse_req *req; 140 struct fuse_req *req;
141 struct dentry *parent;
141 142
142 /* Doesn't hurt to "reset" the validity timeout */ 143 /* Doesn't hurt to "reset" the validity timeout */
143 fuse_invalidate_entry_cache(entry); 144 fuse_invalidate_entry_cache(entry);
@@ -151,8 +152,10 @@ static int fuse_dentry_revalidate(struct dentry *entry, struct nameidata *nd)
151 if (IS_ERR(req)) 152 if (IS_ERR(req))
152 return 0; 153 return 0;
153 154
154 fuse_lookup_init(req, entry->d_parent->d_inode, entry, &outarg); 155 parent = dget_parent(entry);
156 fuse_lookup_init(req, parent->d_inode, entry, &outarg);
155 request_send(fc, req); 157 request_send(fc, req);
158 dput(parent);
156 err = req->out.h.error; 159 err = req->out.h.error;
157 /* Zero nodeid is same as -ENOENT */ 160 /* Zero nodeid is same as -ENOENT */
158 if (!err && !outarg.nodeid) 161 if (!err && !outarg.nodeid)