On Thu, Sep 06, 2012 at 11:05:26AM +0800, Guo Chao wrote: > On Wed, Sep 05, 2012 at 04:55:15PM -0400, J. Bruce Fields wrote: > > From: "J. Bruce Fields" <bfields@xxxxxxxxxx> > > diff --git a/fs/namei.c b/fs/namei.c > > index 1b46439..6156135 100644 > > --- a/fs/namei.c > > +++ b/fs/namei.c > > @@ -3658,6 +3658,7 @@ static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry, > > struct inode *new_dir, struct dentry *new_dentry) > > { > > struct inode *target = new_dentry->d_inode; > > + struct inode *source = old_dentry->d_inode; > > int error; > > > > error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry); > > @@ -3665,8 +3666,7 @@ static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry, > > return error; > > > > dget(new_dentry); > > - if (target) > > - mutex_lock(&target->i_mutex); > > + lock_two_nondirectories(source, target); > > > > error = -EBUSY; > > if (d_mountpoint(old_dentry)||d_mountpoint(new_dentry)) > > @@ -3681,8 +3681,7 @@ static int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry, > > if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE)) > > d_move(old_dentry, new_dentry); > > out: > > - if (target) > > - mutex_unlock(&target->i_mutex); > > + unlock_two_nondirectories(source, target); > > dput(new_dentry); > > return error; > > } > > > > This change also fixes a race between rename and mount. > > Apparently we avoid to rename source or target if they are > mountpoint. But nothing prevents source being the mountpoint > after d_mountpoint check because we do not hold its i_mutex. > > Thus we are actually able to rename a mountpoint. > > Rename directory should also need this care. Do you have any practical way to reproduce that race? --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html