From 84f0cd9e83daa9a9c3e640f6d108e7e86edf0d86 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Tue, 3 Mar 2020 10:14:30 -0500 Subject: [PATCH] pick_link(): pass it struct path already with normal refcounting rules step_into() tries to avoid grabbing and dropping mount references on the steps that do not involve crossing mountpoints (which is obviously the majority of cases). So it uses a local struct path with unusual refcounting rules - path.mnt is pinned if and only if it's not equal to nd->path.mnt. We used to have similar beasts all over the place and we had quite a few bugs crop up in their handling - it's easy to get confused when changing e.g. cleanup on failure exits (or adding a new check, etc.) Now that's mostly gone - the step_into() instance (which is what we need them for) is the only one left. It is exposed to mount traversal and it's (shortly) seen by pick_link(). Since pick_link() needs to store it in link stack, where the normal rules apply, it has to make sure that mount is pinned regardless of nd->path.mnt value. That's done on all calls of pick_link() and very early in those. Let's do that in the caller (step_into()) instead - that way the fewer places need to be aware of such struct path instances. Signed-off-by: Al Viro
---
 fs/namei.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 1f092f9e321b..aab4eee6d56a 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1602,13 +1602,10 @@ static const char *pick_link(struct nameidata *nd, struct path *link,
 int error;
 if (unlikely(nd->total_link_count++ >= MAXSYMLINKS)) {
- path_to_nameidata(link, nd);
+ if (!(nd->flags & LOOKUP_RCU))
+ path_put(link);
 return ERR_PTR(-ELOOP);
 }
- if (!(nd->flags & LOOKUP_RCU)) {
- if (link->mnt == nd->path.mnt)
- mntget(link->mnt);
- }
 error = nd_alloc_stack(nd);
 if (unlikely(error)) {
 if (error == -ECHILD) {
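Review bot: pick_link() now depends on a precondition that is written nowhere in the code: in ref-walk mode the caller must already hold its own reference on `link->mnt`, because the ELOOP exit calls `path_put(link)` whenever `LOOKUP_RCU` is clear. A caller that passed in a step_into()-style path (mount pinned only when it differs from `nd->path.mnt`) would drop a mount reference it never took, and that kind of imbalance can end in a use-after-free of the mount. I would put the contract in a comment above the function, e.g. `/* Outside LOOKUP_RCU the caller holds references on link->mnt and link->dentry; pick_link() stores them in the link stack or drops them. */`. The function starts above the hunk and its later error exits (after `nd_alloc_stack()`) continue below it, so whether they release `link` by the same rule cannot be confirmed from these lines.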
@@ -1713,10 +1710,13 @@ static const char *step_into(struct nameidata *nd, int flags,
 nd->seq = seq;
 return NULL;
 }
- /* make sure that d_is_symlink above matches inode */
 if (nd->flags & LOOKUP_RCU) {
+ /* make sure that d_is_symlink above matches inode */
 if (read_seqcount_retry(&path.dentry->d_seq, seq))
 return ERR_PTR(-ECHILD);
+ } else {
+ if (path.mnt == nd->path.mnt)
+ mntget(path.mnt);
 }
 return pick_link(nd, &path, inode, seq, flags);
 }
-- GitLab
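Review bot: The added `else` branch takes a mount reference only when `path.mnt == nd->path.mnt`, and nothing at that spot explains the condition; the reason (the local path's mount is already pinned whenever it differs from `nd->path.mnt`) is given only in the commit message. A wrong edit to this condition would show up as a leaked or over-dropped mount reference, so the branch deserves a comment such as `/* path.mnt is pinned iff it differs from nd->path.mnt; take the missing ref so pick_link() gets a normally counted path */`. As a style point, the nested block could be flattened to `} else if (path.mnt == nd->path.mnt) {`. step_into() begins above the hunk.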