On Thu, Sep 06, 2012 at 11:05:26AM +0800, Guo Chao wrote:
> On Wed, Sep 05, 2012 at 04:55:15PM -0400, J. Bruce Fields wrote:
> > From: "J. Bruce Fields" <bfields@xxxxxxxxxx>
> > diff --git a/fs/namei.c b/fs/namei.c
> > index 1b46439..6156135 100644
> > --- a/fs/namei.c
> > +++ b/fs/namei.c
> > @@ -3658,6 +3658,7 @@ static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
> > struct inode *new_dir, struct dentry *new_dentry)
> > {
> > struct inode *target = new_dentry->d_inode;
> > + struct inode *source = old_dentry->d_inode;
> > int error;
> >
> > error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry);
> > @@ -3665,8 +3666,7 @@ static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
> > return error;
> >
> > dget(new_dentry);
> > - if (target)
> > - mutex_lock(&target->i_mutex);
> > + lock_two_nondirectories(source, target);
> >
> > error = -EBUSY;
> > if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry))
> > @@ -3681,8 +3681,7 @@ static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
> > if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
> > d_move(old_dentry, new_dentry);
> > out:
> > - if (target)
> > - mutex_unlock(&target->i_mutex);
> > + unlock_two_nondirectories(source, target);
> > dput(new_dentry);
> > return error;
> > }
> >
>
> This change also fixes a race between rename and mount.
>
> Apparently we avoid to rename source or target if they are
> mountpoint. But nothing prevents source being the mountpoint
> after d_mountpoint check because we do not hold its i_mutex.
>
> Thus we are actually able to rename a mountpoint.
>
> Rename directory should also need this care.
Do you have any practical way to reproduce that race?
--b.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
