From: Rui Wang <rui.y.wang@xxxxxxxxx> Date: Fri, 8 Jan 2016 23:09:59 +0800 commit ce9113bbcbf45a57c082d6603b9a9f342be3ef74 upstream. ovl_remove_upper() should do d_drop() only after it successfully removes the dir, otherwise a subsequent getcwd() system call will fail, breaking userspace programs. This is to fix: https://bugzilla.kernel.org/show_bug.cgi?id=110491 Signed-off-by: Rui Wang <rui.y.wang@xxxxxxxxx> Reviewed-by: Konstantin Khlebnikov <koct9i@xxxxxxxxx> Signed-off-by: Miklos Szeredi <miklos@xxxxxxxxxx> Cc: <stable@xxxxxxxxxxxxxxx> --- fs/overlayfs/dir.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -618,7 +618,8 @@ static int ovl_remove_upper(struct dentr * sole user of this dentry. Too tricky... Just unhash for * now. */ - d_drop(dentry); + if (!err) + d_drop(dentry); mutex_unlock(&dir->i_mutex); return err; -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html