When symlinks are followed in RCU-walk, dentry->d_inode may have changed between the call to ->follow_link and the call to ->put_link. So we need to preserve the inode used in the first instance, and use it to find the correct put_link. Note that this means that when RCU-walk is permitted in ->follow_link, dentry->d_inode cannot be used in ->put_link.
Signed-off-by: NeilBrown <neilb@xxxxxxx>
---
 Documentation/filesystems/porting | 4 ++++
 fs/namei.c | 20 ++++++++++++--------
 2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/Documentation/filesystems/porting b/Documentation/filesystems/porting
index eba8dd0a13e3..09454610515c 100644
--- a/Documentation/filesystems/porting
+++ b/Documentation/filesystems/porting
@@ -490,3 +490,7 @@ in your dentry operations instead. The passed inode must be used rather than dentry->d_inode, particularly if LOOKUP_RCU is set. If s_fs_info is used, it must be freed using RCU.
+--
+[mandatory]
+ If ->follow_link permits RCU-walk, then ->put_link must
+ not access dentry->d_inode as that may have changed.
diff --git a/fs/namei.c b/fs/namei.c
index 224b1495edae..72f5a4f91855 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -763,9 +763,9 @@ static void terminate_walk(struct nameidata *nd)
 }
 }
-static inline void put_link(struct nameidata *nd, struct path *link, void *cookie)
+static inline void put_link(struct nameidata *nd, struct path *link,
+ struct inode *inode, void *cookie)
 {
- struct inode *inode = link->dentry->d_inode;
 if (inode->i_op->put_link)
 inode->i_op->put_link(link->dentry, nd_get_link(nd), cookie);
 if (!(nd->flags & LOOKUP_LINK_RCU))
@@ -934,7 +934,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
 if (s) {
 if (unlikely(IS_ERR(s))) {
 terminate_walk(nd);
- put_link(nd, link, *p);
+ put_link(nd, link, inode, *p);
 return PTR_ERR(s);
 }
 if (*s == '/') {
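Review bot: The new `inode` argument of put_link is used only to select the method; the callback is still invoked as `inode->i_op->put_link(link->dentry, nd_get_link(nd), cookie)`, so a filesystem's ->put_link can reach the inode only through dentry->d_inode, which the porting note added by this same patch forbids whenever ->follow_link permits RCU-walk. Either hand the preserved inode to the method as well, or state in the porting note that everything ->put_link needs must travel in the cookie. The parameter also deserves a comment above the function, for example `/* @inode: the inode ->follow_link was called on; link->dentry->d_inode may differ by now under RCU-walk */`. The body of put_link continues past the end of the hunk.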
@@ -948,7 +948,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
 nd->inode = nd->path.dentry->d_inode;
 error = link_path_walk(s, nd);
 if (unlikely(error))
- put_link(nd, link, *p);
+ put_link(nd, link, inode, *p);
 }
 return error;
@@ -1669,13 +1669,14 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
 do {
 struct path link = *path;
+ struct inode *inode = link.dentry->d_inode;
 void *cookie;
 res = follow_link(&link, nd, &cookie);
 if (res)
 break;
 res = walk_component(nd, path, LOOKUP_FOLLOW);
- put_link(nd, &link, cookie);
+ put_link(nd, &link, inode, cookie);
 } while (res > 0);
 nd->link_count--;
@@ -2036,6 +2037,7 @@ static int path_lookupat(int dfd, const char *name,
 while (err > 0) {
 void *cookie;
 struct path link = path;
+ struct inode *inode = link.dentry->d_inode;
 err = may_follow_link(&link, nd);
 if (unlikely(err))
 break;
@@ -2044,7 +2046,7 @@ static int path_lookupat(int dfd, const char *name,
 if (err)
 break;
 err = lookup_last(nd, &path);
- put_link(nd, &link, cookie);
+ put_link(nd, &link, inode, cookie);
 }
 }
@@ -2396,6 +2398,7 @@ path_mountpoint(int dfd, const char *name, struct path *path, unsigned int flags
 while (err > 0) {
 void *cookie;
 struct path link = *path;
+ struct inode *inode = link.dentry->d_inode;
 err = may_follow_link(&link, &nd);
 if (unlikely(err))
 break;
@@ -2404,7 +2407,7 @@ path_mountpoint(int dfd, const char *name, struct path *path, unsigned int flags
 if (err)
 break;
 err = mountpoint_last(&nd, path);
- put_link(&nd, &link, cookie);
+ put_link(&nd, &link, inode, cookie);
 }
 out:
 path_cleanup(&nd);
@@ -3281,6 +3284,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
 error = do_last(nd, &path, file, op, &opened, pathname);
 while (unlikely(error > 0)) { /* trailing symlink */
 struct path link = path;
+ struct inode *inode = link.dentry->d_inode;
 void *cookie;
 if (!(nd->flags & LOOKUP_FOLLOW)) {
 path_to_nameidata(&path, nd);
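Review bot: Nothing visible in the nested_symlink loop pins `inode` between `struct inode *inode = link.dentry->d_inode;` and `put_link(nd, &link, inode, cookie);`, and walk_component() runs in between. If that call can take the walk out of RCU mode, the raw pointer is no longer covered by the RCU read section when put_link dereferences `inode->i_op`; the lines that would prevent this are not in the hunk. Please add a comment at the declaration saying what keeps the inode alive until put_link, along the lines of `/* RCU-protected only; must stay valid until put_link() below because ... */`, or take a reference when the walk leaves RCU mode. The same pattern appears around lookup_last() in path_lookupat, mountpoint_last() in path_mountpoint and do_last() in path_openat.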
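Review bot: In path_lookupat, `inode` is read from `link.dentry->d_inode` before may_follow_link() and follow_link(), while follow_link() passes its own `inode` local, declared outside its hunks, to put_link on its error paths. Nothing in the visible lines ties the two reads together, so under RCU-walk the ->put_link chosen here could belong to a different inode than the one whose ->follow_link produced `cookie`. If the dentry can go negative in that window, `inode->i_op` in put_link would be a NULL dereference. Sampling once is safer: let follow_link hand back the inode it actually used, for example through an extra out-parameter next to `void **p`, and pass that to put_link. nested_symlink, path_mountpoint and path_openat take the same separate sample.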
@@ -3297,7 +3301,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
 if (unlikely(error))
 break;
 error = do_last(nd, &path, file, op, &opened, pathname);
- put_link(nd, &link, cookie);
+ put_link(nd, &link, inode, cookie);
 }
 out:
 path_cleanup(nd);
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html