procfs: fix race between symlink removals and traversals

use_pde()/unuse_pde() in ->follow_link()/->put_link() resp.

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/fs/proc/generic.c b/fs/proc/generic.c
index 3309f59d421ba6e5b806651dcc1d926143470953..be65b208213518f267d9fe16b5652b5021700cf5 100644 (file)
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
@@ -19,7 +19,6 @@
 #include <linux/mount.h>
 #include <linux/init.h>
 #include <linux/idr.h>
-#include <linux/namei.h>
 #include <linux/bitops.h>
 #include <linux/spinlock.h>
 #include <linux/completion.h>
@@ -223,17 +222,6 @@ void proc_free_inum(unsigned int inum)
        spin_unlock_irqrestore(&proc_inum_lock, flags);
 }
 
-static void *proc_follow_link(struct dentry *dentry, struct nameidata *nd)
-{
-       nd_set_link(nd, __PDE_DATA(dentry->d_inode));
-       return NULL;
-}
-
-static const struct inode_operations proc_link_inode_operations = {
-       .readlink       = generic_readlink,
-       .follow_link    = proc_follow_link,
-};
-
 /*
  * Don't create negative dentries here, return -ENOENT by hand
  * instead.

diff --git a/fs/proc/inode.c b/fs/proc/inode.c
index 13a50a32652dc868ab94084a1e07fb4a809e43da..7697b6621cfd5b13051318ba15920646942ed528 100644 (file)
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -23,6 +23,7 @@
 #include <linux/slab.h>
 #include <linux/mount.h>
 #include <linux/magic.h>
+#include <linux/namei.h>
 
 #include <asm/uaccess.h>
 
@@ -393,6 +394,26 @@ static const struct file_operations proc_reg_file_ops_no_compat = {
 };
 #endif
 
+static void *proc_follow_link(struct dentry *dentry, struct nameidata *nd)
+{
+       struct proc_dir_entry *pde = PDE(dentry->d_inode);
+       if (unlikely(!use_pde(pde)))
+               return ERR_PTR(-EINVAL);
+       nd_set_link(nd, pde->data);
+       return pde;
+}
+
+static void proc_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
+{
+       unuse_pde(p);
+}
+
+const struct inode_operations proc_link_inode_operations = {
+       .readlink       = generic_readlink,
+       .follow_link    = proc_follow_link,
+       .put_link       = proc_put_link,
+};
+
 struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
 {
        struct inode *inode = new_inode_pseudo(sb);

diff --git a/fs/proc/internal.h b/fs/proc/internal.h
index 6fcdba573e0fa2471e668e96217f366bed749050..c835b94c0cd3afec0bea4017ca8bacd63b32ff8e 100644 (file)
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -200,6 +200,7 @@ struct pde_opener {
        int closing;
        struct completion *c;
 };
+extern const struct inode_operations proc_link_inode_operations;
 
 extern const struct inode_operations proc_pid_link_inode_operations;