[PATCH] namei fixes (9/19)
authorAl Viro <viro@www.linux.org.uk>
Mon, 6 Jun 2005 20:36:05 +0000 (13:36 -0700)
committerLinus Torvalds <torvalds@ppc970.osdl.org>
Mon, 6 Jun 2005 21:42:25 +0000 (14:42 -0700)
New helper: __follow_mount(struct path *path).  Same as follow_mount(), except
that we do *not* do mntput() after the first lookup_mnt().

IOW, original path->mnt stays pinned down.  We also take care to do dput()
before mntput() in the loop body (follow_mount() also needs that reordering,
but that will be done later in the series).

The following are equivalent, assuming that path.mnt == x:
(1)
follow_mount(&path.mnt, &path.dentry)
(2)
__follow_mount(&path);
if (path->mnt != x)
mntput(x);
(3)
if (__follow_mount(&path))
mntput(x);

Callers of follow_mount() in __link_path_walk() converted to (2).

Equivalent transformation + fix for too-late-mntput() race in __follow_mount()
loop.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
fs/namei.c

index 3d08478d31305fa9f501dabbf155fbff7a8fa3f9..23a1ad4679765ed4248d1f8bb9ad18e1193e0dd6 100644 (file)
@@ -576,6 +576,23 @@ int follow_up(struct vfsmount **mnt, struct dentry **dentry)
 /* no need for dcache_lock, as serialization is taken care in
  * namespace.c
  */
+static int __follow_mount(struct path *path)
+{
+       int res = 0;
+       while (d_mountpoint(path->dentry)) {
+               struct vfsmount *mounted = lookup_mnt(path->mnt, path->dentry);
+               if (!mounted)
+                       break;
+               dput(path->dentry);
+               if (res)
+                       mntput(path->mnt);
+               path->mnt = mounted;
+               path->dentry = dget(mounted->mnt_root);
+               res = 1;
+       }
+       return res;
+}
+
 static int follow_mount(struct vfsmount **mnt, struct dentry **dentry)
 {
        int res = 0;
@@ -778,7 +795,9 @@ static fastcall int __link_path_walk(const char * name, struct nameidata *nd)
                if (err)
                        break;
                /* Check mountpoints.. */
-               follow_mount(&next.mnt, &next.dentry);
+               __follow_mount(&next);
+               if (nd->mnt != next.mnt)
+                       mntput(nd->mnt);
 
                err = -ENOENT;
                inode = next.dentry->d_inode;
@@ -836,7 +855,9 @@ last_component:
                err = do_lookup(nd, &this, &next);
                if (err)
                        break;
-               follow_mount(&next.mnt, &next.dentry);
+               __follow_mount(&next);
+               if (nd->mnt != next.mnt)
+                       mntput(nd->mnt);
                inode = next.dentry->d_inode;
                if ((lookup_flags & LOOKUP_FOLLOW)
                    && inode && inode->i_op && inode->i_op->follow_link) {