From: Al Viro Date: Fri, 29 Nov 2013 06:48:32 +0000 (-0500) Subject: fix bogus path_put() of nd->root after some unlazy_walk() failures X-Git-Tag: firefly_0821_release~176^2~4858^2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=d870b4a191a389c661cd40aacb06981c26b5e504;p=firefly-linux-kernel-4.4.55.git fix bogus path_put() of nd->root after some unlazy_walk() failures Failure to grab reference to parent dentry should go through the same cleanup as nd->seq mismatch. As it is, we might end up with caller thinking it needs to path_put() nd->root, with obvious nasty results once we'd hit that bug enough times to drive the refcount of root dentry all the way to zero... Signed-off-by: Al Viro --- diff --git a/fs/namei.c b/fs/namei.c index 8f77a8cea289..c53d3a9547f9 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -513,8 +513,7 @@ static int unlazy_walk(struct nameidata *nd, struct dentry *dentry) if (!lockref_get_not_dead(&parent->d_lockref)) { nd->path.dentry = NULL; - rcu_read_unlock(); - return -ECHILD; + goto out; } /*