Commit 7b9337aaf98f9941d0927a75217d3ff31afec609

Authored by Nick Piggin
1 parent f20877d94a

fs: namei fix ->put_link on wrong inode in do_filp_open

J. R. Okajima noticed that ->put_link is being attempted on the
wrong inode, and suggested the way to fix it. I changed it a bit
according to Al's suggestion to keep an explicit link path around.

Signed-off-by: Nick Piggin <npiggin@kernel.dk>

Showing 1 changed file with 19 additions and 18 deletions

... ... @@ -779,7 +779,8 @@
779 779 mntput(path->mnt);
780 780 }
781 781  
782   -static inline void path_to_nameidata(struct path *path, struct nameidata *nd)
  782 +static inline void path_to_nameidata(const struct path *path,
  783 + struct nameidata *nd)
783 784 {
784 785 if (!(nd->flags & LOOKUP_RCU)) {
785 786 dput(nd->path.dentry);
786 787  
787 788  
788 789  
789 790  
... ... @@ -791,20 +792,20 @@
791 792 }
792 793  
793 794 static __always_inline int
794   -__do_follow_link(struct path *path, struct nameidata *nd, void **p)
  795 +__do_follow_link(const struct path *link, struct nameidata *nd, void **p)
795 796 {
796 797 int error;
797   - struct dentry *dentry = path->dentry;
  798 + struct dentry *dentry = link->dentry;
798 799  
799   - touch_atime(path->mnt, dentry);
  800 + touch_atime(link->mnt, dentry);
800 801 nd_set_link(nd, NULL);
801 802  
802   - if (path->mnt != nd->path.mnt) {
803   - path_to_nameidata(path, nd);
  803 + if (link->mnt != nd->path.mnt) {
  804 + path_to_nameidata(link, nd);
804 805 nd->inode = nd->path.dentry->d_inode;
805 806 dget(dentry);
806 807 }
807   - mntget(path->mnt);
  808 + mntget(link->mnt);
808 809  
809 810 nd->last_type = LAST_BIND;
810 811 *p = dentry->d_inode->i_op->follow_link(dentry, nd);
811 812  
... ... @@ -2347,11 +2348,12 @@
2347 2348 nd.flags = flags;
2348 2349 filp = do_last(&nd, &path, open_flag, acc_mode, mode, pathname);
2349 2350 while (unlikely(!filp)) { /* trailing symlink */
2350   - struct path holder;
  2351 + struct path link = path;
  2352 + struct inode *linki = link.dentry->d_inode;
2351 2353 void *cookie;
2352 2354 error = -ELOOP;
2353 2355 /* S_ISDIR part is a temporary automount kludge */
2354   - if (!(nd.flags & LOOKUP_FOLLOW) && !S_ISDIR(nd.inode->i_mode))
  2356 + if (!(nd.flags & LOOKUP_FOLLOW) && !S_ISDIR(linki->i_mode))
2355 2357 goto exit_dput;
2356 2358 if (count++ == 32)
2357 2359 goto exit_dput;
2358 2360  
2359 2361  
2360 2362  
2361 2363  
2362 2364  
... ... @@ -2367,23 +2369,22 @@
2367 2369 * just set LAST_BIND.
2368 2370 */
2369 2371 nd.flags |= LOOKUP_PARENT;
2370   - error = security_inode_follow_link(path.dentry, &nd);
  2372 + error = security_inode_follow_link(link.dentry, &nd);
2371 2373 if (error)
2372 2374 goto exit_dput;
2373   - error = __do_follow_link(&path, &nd, &cookie);
  2375 + error = __do_follow_link(&link, &nd, &cookie);
2374 2376 if (unlikely(error)) {
2375   - if (!IS_ERR(cookie) && nd.inode->i_op->put_link)
2376   - nd.inode->i_op->put_link(path.dentry, &nd, cookie);
  2377 + if (!IS_ERR(cookie) && linki->i_op->put_link)
  2378 + linki->i_op->put_link(link.dentry, &nd, cookie);
2377 2379 /* nd.path had been dropped */
2378   - nd.path = path;
  2380 + nd.path = link;
2379 2381 goto out_path;
2380 2382 }
2381   - holder = path;
2382 2383 nd.flags &= ~LOOKUP_PARENT;
2383 2384 filp = do_last(&nd, &path, open_flag, acc_mode, mode, pathname);
2384   - if (nd.inode->i_op->put_link)
2385   - nd.inode->i_op->put_link(holder.dentry, &nd, cookie);
2386   - path_put(&holder);
  2385 + if (linki->i_op->put_link)
  2386 + linki->i_op->put_link(link.dentry, &nd, cookie);
  2387 + path_put(&link);
2387 2388 }
2388 2389 out:
2389 2390 if (nd.root.mnt)
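Review bot: The new locals `link` and `linki` at the top of the trailing-symlink loop carry no comment saying why they must be captured before `__do_follow_link()` and `do_last()` run, yet the fix depends on exactly that. `do_last()` is handed `&nd` and `&path`, so `nd.inode` and `path` may describe a different object by the time `->put_link` is called. A short comment above the declarations would stop a later cleanup from folding them back into `nd.inode`/`path`, e.g. `/* link/linki pin the symlink itself: do_last() rewrites path and nd.inode, and ->put_link must go through the inode whose ->follow_link produced the cookie */`. This covers both call sites, the error branch after `__do_follow_link()` and the one after `do_last()`. Dispatching through another inode's `i_op` could skip the release or hand the cookie to an unrelated handler. The enclosing function starts and ends outside the visible hunks.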