From: Al Viro Date: Mon, 6 Jun 2005 20:36:08 +0000 (-0700) Subject: [PATCH] namei fixes (13/19) X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ba7a4c1a76f56c607560f1676680ff491747bdae;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git [PATCH] namei fixes (13/19) In open_namei() exit_dput: we have mntput() done in the wrong order - if nd->mnt != path.mnt we end up doing mntput(nd->mnt); nd->mnt = path.mnt; dput(nd->dentry); mntput(nd->mnt); which drops nd->dentry too late. Fixed by having path.mnt go first. That allows to switch O_NOFOLLOW under if (__follow_mount(...)) back to exit_dput, while we are at it. Fix for early-mntput() race + equivalent transformation. Signed-off-by: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/fs/namei.c b/fs/namei.c index 37fcf941fa3f..5153f57ee6b3 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1501,11 +1501,8 @@ do_last: if (__follow_mount(&path)) { error = -ELOOP; - if (flag & O_NOFOLLOW) { - dput(path.dentry); - mntput(path.mnt); - goto exit; - } + if (flag & O_NOFOLLOW) + goto exit_dput; } error = -ENOENT; if (!path.dentry->d_inode) @@ -1530,8 +1527,7 @@ ok: exit_dput: dput(path.dentry); if (nd->mnt != path.mnt) - mntput(nd->mnt); - nd->mnt = path.mnt; + mntput(path.mnt); exit: path_release(nd); return error;