summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2009-03-31 02:36:33 +0200
committerAl Viro <viro@zeniv.linux.org.uk>2009-04-01 05:00:25 +0200
commitf8ef3ed2bebd2c4cb9ece92efa185d7aead8831a (patch)
treef6208725f0b2ecd43e393435fa7fb8ad1be1b14b
parentKill unsharing fs_struct in __set_personality() (diff)
downloadlinux-f8ef3ed2bebd2c4cb9ece92efa185d7aead8831a.tar.xz
linux-f8ef3ed2bebd2c4cb9ece92efa185d7aead8831a.zip
Get rid of bumping fs_struct refcount in pivot_root(2)
Not because execve races with _that_ are serious - we really need a situation when final drop of fs_struct refcount is done by something that used to have it as current->fs. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--fs/namespace.c26
1 files changed, 17 insertions, 9 deletions
diff --git a/fs/namespace.c b/fs/namespace.c
index 0a42e0e96027..f7ec283ccfbb 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2131,25 +2131,33 @@ static void chroot_fs_refs(struct path *old_root, struct path *new_root)
{
struct task_struct *g, *p;
struct fs_struct *fs;
+ int count = 0;
read_lock(&tasklist_lock);
do_each_thread(g, p) {
task_lock(p);
fs = p->fs;
if (fs) {
- atomic_inc(&fs->count);
- task_unlock(p);
+ write_lock(&fs->lock);
if (fs->root.dentry == old_root->dentry
- && fs->root.mnt == old_root->mnt)
- set_fs_root(fs, new_root);
+ && fs->root.mnt == old_root->mnt) {
+ path_get(new_root);
+ fs->root = *new_root;
+ count++;
+ }
if (fs->pwd.dentry == old_root->dentry
- && fs->pwd.mnt == old_root->mnt)
- set_fs_pwd(fs, new_root);
- put_fs_struct(fs);
- } else
- task_unlock(p);
+ && fs->pwd.mnt == old_root->mnt) {
+ path_get(new_root);
+ fs->pwd = *new_root;
+ count++;
+ }
+ write_unlock(&fs->lock);
+ }
+ task_unlock(p);
} while_each_thread(g, p);
read_unlock(&tasklist_lock);
+ while (count--)
+ path_put(old_root);
}
/*