On Tue, Apr 21, 2009 at 09:43:41PM +0000, Al Viro wrote:
>
> AFAICS, we have a subtle bug there: if we have crossed mountpoint
> *and* it got mount --move'd away, we'll be holding only one
> reference to fs containing dentry - exp->ex_path.mnt. IOW, we
> ought to dput() before exp_put().
OK. So a dentry of its own doesn't hold any reference on its
filesystem?
--b.
>
> Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> ---
> fs/nfsd/vfs.c | 9 +++++++--
> 1 files changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
> index ab93fcf..46e6bd2 100644
> --- a/fs/nfsd/vfs.c
> +++ b/fs/nfsd/vfs.c
> @@ -116,10 +116,15 @@ nfsd_cross_mnt(struct svc_rqst *rqstp, struct dentry **dpp,
> }
> if ((exp->ex_flags & NFSEXP_CROSSMOUNT) || EX_NOHIDE(exp2)) {
> /* successfully crossed mount point */
> - exp_put(exp);
> - *expp = exp2;
> + /*
> + * This is subtle: dentry is *not* under mnt at this point.
> + * The only reason we are safe is that original mnt is pinned
> + * down by exp, so we should dput before putting exp.
> + */
> dput(dentry);
> *dpp = mounts;
> + exp_put(exp);
> + *expp = exp2;
> } else {
> exp_put(exp2);
> dput(mounts);
> --
> 1.5.6.5
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
