summaryrefslogtreecommitdiffstats
path: root/fs/open.c
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2010-10-29 09:30:42 +0200
committerAl Viro <viro@zeniv.linux.org.uk>2010-10-29 10:14:56 +0200
commitd893f1bc2a9f0f7dcb4b433452c59f9bedac0d7d (patch)
treeb3cf84a271ccb19529d83a544b6024bbb23a7801 /fs/open.c
parenta couple of open-coded ihold() introduced by nfs merge (diff)
downloadlinux-d893f1bc2a9f0f7dcb4b433452c59f9bedac0d7d.tar.xz
linux-d893f1bc2a9f0f7dcb4b433452c59f9bedac0d7d.zip
fix open/umount race
nameidata_to_filp() drops nd->path or transfers it to opened file. In the former case it's a Bad Idea(tm) to do mnt_drop_write() on nd->path.mnt, since we might race with umount and vfsmount in question might be gone already. Fix: don't drop it, then... IOW, have nameidata_to_filp() grab nd->path in case it transfers it to file and do path_drop() in callers. After they are through with accessing nd->path... Reported-by: Miklos Szeredi <miklos@szeredi.hu> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to '')
-rw-r--r--fs/open.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/open.c b/fs/open.c
index d74e1983e8dc..4197b9ed023d 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -786,11 +786,11 @@ struct file *nameidata_to_filp(struct nameidata *nd)
/* Pick up the filp from the open intent */
filp = nd->intent.open.file;
/* Has the filesystem initialised the file for us? */
- if (filp->f_path.dentry == NULL)
+ if (filp->f_path.dentry == NULL) {
+ path_get(&nd->path);
filp = __dentry_open(nd->path.dentry, nd->path.mnt, filp,
NULL, cred);
- else
- path_put(&nd->path);
+ }
return filp;
}