On Mon, Jul 18, 2011 at 11:11:40AM -0700, Linus Torvalds wrote: > Also, looking at that whole mount-point traversal sequence, it looks > like __follow_mount_rcu() will happily totally ignore the old sequence > number when it replaces it with the mount-point sequence number. So it > looks to me that we have a case where we miss the sequence number > check that can happen with a positive dentry too! > > No? > > So I think that whenever we change "nd->seq", we should always heck > the previous sequence number first (the way do_lookup() itself does > for the *normal* traversal case). Otherwise we will have traversed the > mount-point without ever having checked the previous sequence number. > > Something like the (untested) attached patch. > > Comments? This mount-point case is independent of the negative dentry > issue, and probably never really an issue in practice, but... ->mnt_mountpoint and ->mnt_root are both pinned (and protected by vfsmount_lock, while we are at it). If it manages to get stale, we have worse problems... -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
