fix bogus path_put() of nd->root after some unlazy_walk() failures
authorAl Viro <viro@zeniv.linux.org.uk>
Fri, 29 Nov 2013 06:48:32 +0000 (01:48 -0500)
committerAl Viro <viro@zeniv.linux.org.uk>
Fri, 29 Nov 2013 06:50:51 +0000 (01:50 -0500)
Failure to grab reference to parent dentry should go through the
same cleanup as nd->seq mismatch.  As it is, we might end up with
caller thinking it needs to path_put() nd->root, with obvious
nasty results once we'd hit that bug enough times to drive the
refcount of root dentry all the way to zero...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/namei.c

index 8f77a8cea289350b9d0e427b284cc01a2df4691d..c53d3a9547f9295408fa3cfe0d5abfb72023e29e 100644 (file)
@@ -513,8 +513,7 @@ static int unlazy_walk(struct nameidata *nd, struct dentry *dentry)
 
        if (!lockref_get_not_dead(&parent->d_lockref)) {
                nd->path.dentry = NULL; 
-               rcu_read_unlock();
-               return -ECHILD;
+               goto out;
        }
 
        /*