From: Erez Zadok
Date: Sat, 21 May 2011 05:19:59 +0000 (-0400)
Subject: VFS: move BUG_ON test for symlink nd->depth after current->link_count test
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=1a4022f88d40e1255920b017556092ab926d7f66;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git

VFS: move BUG_ON test for symlink nd->depth after current->link_count test

This solves a serious VFS-level bug in nested_symlink (which was rewritten from do_follow_link), and follows the order of depth tests that existed before. The bug triggers a BUG_ON in fs/namei.c:1381, when running racer with symlink and rename ops.

Signed-off-by: Erez Zadok
Acked-by: Miklos Szeredi
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds
---
diff --git a/fs/namei.c b/fs/namei.c index e3c4f112ebf7..6ff858c049c0 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1378,12 +1378,12 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) { int res; - BUG_ON(nd->depth >= MAX_NESTED_LINKS); if (unlikely(current->link_count >= MAX_NESTED_LINKS)) { path_put_conditional(path, nd); path_put(&nd->path); return -ELOOP; } + BUG_ON(nd->depth >= MAX_NESTED_LINKS); nd->depth++; current->link_count++;
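
Review bot: The relocated BUG_ON(nd->depth >= MAX_NESTED_LINKS), now placed just before nd->depth++, still takes the whole kernel down on a condition the commit message says was reached by a racer workload doing symlink and rename ops, so any case where the preceding link_count test does not return first remains a crash. The reordering relies on current->link_count >= MAX_NESTED_LINKS catching every call in which nd->depth has reached the limit, but nothing in the hunk states that relationship; a one-line comment above the BUG_ON explaining why depth cannot exceed link_count at this point would document the ordering dependency for the next person who touches nested_symlink. If that invariant cannot be guaranteed, consider handling the depth case like the link_count case (the same path_put_conditional(path, nd); path_put(&nd->path); return -ELOOP; cleanup, optionally with a WARN_ON_ONCE) so that a violated assumption fails the lookup instead of halting the machine.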