vfs: fix BUG_ON() in fs/namei.c:1461
authorLinus Torvalds <torvalds@linux-foundation.org>
Wed, 16 Feb 2011 16:56:55 +0000 (08:56 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Wed, 16 Feb 2011 16:56:55 +0000 (08:56 -0800)
When Al moved the nameidata_dentry_drop_rcu_maybe() call into the
do_follow_link function in commit 844a391799c2 ("nothing in
do_follow_link() is going to see RCU"), he mistakenly left the

BUG_ON(inode != path->dentry->d_inode);

behind.  Which would otherwise be ok, but that BUG_ON() really needs to
be _after_ dropping RCU, since the dentry isn't necessarily stable
otherwise.

So complete the code movement in that commit, and move the BUG_ON() into
do_follow_link() too.  This means that we need to pass in 'inode' as an
argument (just for this one use), but that's a small thing.  And
eventually we may be confident enough in our path lookup that we can
just remove the BUG_ON() and the unnecessary inode argument.

Reported-and-tested-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/namei.c

index 9e701e28a329ac5bd5aa0ab36a4eb0e21aa8076e..0087cf9c2c6bccaf99000fbd0bfe95257549d81b 100644 (file)
@@ -795,7 +795,7 @@ __do_follow_link(const struct path *link, struct nameidata *nd, void **p)
  * Without that kind of total limit, nasty chains of consecutive
  * symlinks can cause almost arbitrarily long lookups. 
  */
-static inline int do_follow_link(struct path *path, struct nameidata *nd)
+static inline int do_follow_link(struct inode *inode, struct path *path, struct nameidata *nd)
 {
        void *cookie;
        int err = -ELOOP;
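Review bot: The new `inode` parameter of `do_follow_link()` is undocumented, and the changed signature line now runs well past 80 columns. The block comment above the function (only its tail is visible in this hunk) should state that `inode` is the inode the caller sampled during the walk and that it is used only for the sanity check after rcu-walk is dropped, so a later reader does not assume it drives the link following. I would also wrap the declaration as `static inline int do_follow_link(struct inode *inode, struct path *path,` followed by `struct nameidata *nd)`. The function body continues outside this hunk.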
@@ -803,6 +803,7 @@ static inline int do_follow_link(struct path *path, struct nameidata *nd)
        /* We drop rcu-walk here */
        if (nameidata_dentry_drop_rcu_maybe(nd, path->dentry))
                return -ECHILD;
+       BUG_ON(inode != path->dentry->d_inode);
 
        if (current->link_count >= MAX_NESTED_LINKS)
                goto loop;
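Review bot: The relocated `BUG_ON(inode != path->dentry->d_inode);` still turns any inode/dentry mismatch into an oops on a path reached from ordinary pathname lookup, which is an availability problem (a full panic where panic_on_oops is set). Since the very next statement already bails out through `goto loop` from the same state, the check could fail the lookup instead: `if (WARN_ON_ONCE(inode != path->dentry->d_inode)) { err = -ESTALE; goto loop; }`. The `loop:` label and its cleanup are outside this hunk, so confirm that it releases what nameidata_dentry_drop_rcu_maybe() acquired; the error code is only a suggestion. A one-line comment such as `/* dentry is only stable once rcu-walk has been dropped */` would also record why the check sits here rather than in the callers.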
@@ -1413,8 +1414,7 @@ exec_again:
                        goto out_dput;
 
                if (inode->i_op->follow_link) {
-                       BUG_ON(inode != next.dentry->d_inode);
-                       err = do_follow_link(&next, nd);
+                       err = do_follow_link(inode, &next, nd);
                        if (err)
                                goto return_err;
                        nd->inode = nd->path.dentry->d_inode;
@@ -1458,8 +1458,7 @@ last_component:
                        break;
                if (inode && unlikely(inode->i_op->follow_link) &&
                    (lookup_flags & LOOKUP_FOLLOW)) {
-                       BUG_ON(inode != next.dentry->d_inode);
-                       err = do_follow_link(&next, nd);
+                       err = do_follow_link(inode, &next, nd);
                        if (err)
                                goto return_err;
                        nd->inode = nd->path.dentry->d_inode;