Serge E. Hallyn wrote:
> Quoting Oren Laadan (orenl@xxxxxxxxxxxxxxx):
>> +/**
>> + * cr_fill_fname - return pathname of a given file
>> + * @path: path name
>> + * @root: relative root
>> + * @buf: buffer for pathname
>> + * @n: buffer length (in) and pathname length (out)
>> + */
>> +static char *
>> +cr_fill_fname(struct path *path, struct path *root, char *buf, int *n)
>> +{
>> + struct path tmp = *root;
>> + char *fname;
>> +
>> + BUG_ON(!buf);
>> + fname = __d_path(path, &tmp, buf, *n);
>> + if (!IS_ERR(fname))
>> + *n = (buf + (*n) - fname);
>> + /*
>> + * FIXME: if __d_path() changed these, it must have stepped out of
>> + * init's namespace. Since currently we require a unified namespace
>> + * within the container: simply fail.
>> + */
>> + if (tmp.mnt != root->mnt || tmp.dentry != root->dentry)
>> + fname = ERR_PTR(-EBADF);
>> +
>> + return fname;
>> +}
>
> You still are not taking the dcache_lock around __d_path.
>
You still are right.
Oren.
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
