[124/244] restore pinning the victim dentry in vfs_rmdir()/vfs_rename_dir()
From: Greg KH
Date: Wed Sep 28 2011 - 19:07:57 EST
3.0-stable review patch. If anyone has any objections, please let us know.
------------------
From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
commit 1d2ef5901483004d74947bbf78d5146c24038fe7 upstream.
We used to get the victim pinned by dentry_unhash() prior to commit
64252c75a219 ("vfs: remove dget() from dentry_unhash()") and ->rmdir()
and ->rename() instances relied on that; most of them don't care, but
ones that used d_delete() themselves do. As the result, we are getting
rmdir() oopses on NFS now.
Just grab the reference before locking the victim and drop it explicitly
after unlocking, same as vfs_rename_other() does.
Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Tested-by: Simon Kirby <sim@xxxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>
---
fs/namei.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2582,6 +2582,7 @@ int vfs_rmdir(struct inode *dir, struct
if (!dir->i_op->rmdir)
return -EPERM;
+ dget(dentry);
mutex_lock(&dentry->d_inode->i_mutex);
error = -EBUSY;
@@ -2602,6 +2603,7 @@ int vfs_rmdir(struct inode *dir, struct
out:
mutex_unlock(&dentry->d_inode->i_mutex);
+ dput(dentry);
if (!error)
d_delete(dentry);
return error;
@@ -3005,6 +3007,7 @@ static int vfs_rename_dir(struct inode *
if (error)
return error;
+ dget(new_dentry);
if (target)
mutex_lock(&target->i_mutex);
@@ -3025,6 +3028,7 @@ static int vfs_rename_dir(struct inode *
out:
if (target)
mutex_unlock(&target->i_mutex);
+ dput(new_dentry);
if (!error)
if (!(old_dir->i_sb->s_type->fs_flags & FS_RENAME_DOES_D_MOVE))
d_move(old_dentry,new_dentry);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/