On Tue, Oct 25, 2011 at 09:33:05AM -0600, Andreas Dilger wrote: > If a directory with more than EXT4_LINK_MAX subdirectories, the nlink > count is set to 1. Subsequently, if any subdirectories are deleted, > ext4_dec_count() decrements the i_nlink count, which may go to 0 > temporarily before being incremented back to 1. > > While this is done under i_mutex, which prevents races for directory > and inode operations that check i_nlink, the temporary i_nlink == 0 > case is exposed to userspace via stat() and similar calls that do not > hold i_mutex. > > Instead, change the code to not decrement i_nlink count for any > directories that do not already have i_nlink larger than 2. > > Reported-by: Cliff White <cliffw@xxxxxxxxxxxxx> > Reviewed-by: Johann Lombardi <johann@xxxxxxxxxxxxx> > Signed-off-by: Andreas Dilger <adilger@xxxxxxxxxxxxx> Applied, thanks. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
