VFS: move BUG_ON test for symlink nd->depth after current->link_count test

This solves a serious VFS-level bug in nested_symlink (which was rewritten from do_follow_link), and follows the order of depth tests that existed before. The bug triggers a BUG_ON in fs/namei.c:1381, when running racer with symlink and rename ops. Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu> Acked-by: Miklos Szeredi <mszeredi@suse.cz> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

VFS: move BUG_ON test for symlink nd->depth after current->link_count test
This solves a serious VFS-level bug in nested_symlink (which was rewritten from do_follow_link), and follows the order of depth tests that existed before. The bug triggers a BUG_ON in fs/namei.c:1381, when running racer with symlink and rename ops. Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu> Acked-by: Miklos Szeredi <mszeredi@suse.cz> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Erez Zadok · Linus Torvalds
1 parent 052497553e
Showing 1 changed file with 1 additions and 1 deletions Side-by-side Diff
fs/namei.c
@@ -1378,12 +1378,12 @@
 {
 	int res;
  
-	BUG_ON(nd->depth >= MAX_NESTED_LINKS);
 	if (unlikely(current->link_count >= MAX_NESTED_LINKS)) {
 		path_put_conditional(path, nd);
 		path_put(&nd->path);
 		return -ELOOP;
 	}
+	BUG_ON(nd->depth >= MAX_NESTED_LINKS);
  
 	nd->depth++;
 	current->link_count++;
...	...	@@ -1378,12 +1378,12 @@
1378	1378	{
1379	1379	int res;
1380	1380
1381		- BUG_ON(nd->depth >= MAX_NESTED_LINKS);
1382	1381	if (unlikely(current->link_count >= MAX_NESTED_LINKS)) {
1383	1382	path_put_conditional(path, nd);
1384	1383	path_put(&nd->path);
1385	1384	return -ELOOP;
1386	1385	}
	1386	+ BUG_ON(nd->depth >= MAX_NESTED_LINKS);
1387	1387
1388	1388	nd->depth++;
1389	1389	current->link_count++;