diff options
author | Sachin Prabhu <sprabhu@redhat.com> | 2012-11-05 12:39:32 +0100 |
---|---|---|
committer | Jeff Layton <jlayton@redhat.com> | 2012-11-05 12:45:54 +0100 |
commit | 3798f47aa276b332c30da499cb4df4577e2f8872 (patch) | |
tree | edec5d4cdab0891ac1b40b64e6265faf680641ea /fs/cifs/dir.c | |
parent | cifs: fix potential buffer overrun in cifs.idmap handling code (diff) | |
download | linux-3798f47aa276b332c30da499cb4df4577e2f8872.tar.xz linux-3798f47aa276b332c30da499cb4df4577e2f8872.zip |
cifs: Do not lookup hashed negative dentry in cifs_atomic_open
We do not need to lookup a hashed negative directory since we have
already revalidated it before and have found it to be fine.
This also prevents a crash in cifs_lookup() when it attempts to rehash
the already hashed negative lookup dentry.
The patch has been tested using the reproducer at
https://bugzilla.redhat.com/show_bug.cgi?id=867344#c28
Cc: <stable@kernel.org> # 3.6.x
Reported-by: Vit Zahradka <vit.zahradka@tiscali.cz>
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Diffstat (limited to 'fs/cifs/dir.c')
-rw-r--r-- | fs/cifs/dir.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c index 7c0a81283645..d3671f2acb29 100644 --- a/fs/cifs/dir.c +++ b/fs/cifs/dir.c @@ -398,7 +398,16 @@ cifs_atomic_open(struct inode *inode, struct dentry *direntry, * in network traffic in the other paths. */ if (!(oflags & O_CREAT)) { - struct dentry *res = cifs_lookup(inode, direntry, 0); + struct dentry *res; + + /* + * Check for hashed negative dentry. We have already revalidated + * the dentry and it is fine. No need to perform another lookup. + */ + if (!d_unhashed(direntry)) + return -ENOENT; + + res = cifs_lookup(inode, direntry, 0); if (IS_ERR(res)) return PTR_ERR(res); |