mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-03 19:53:32 +00:00
__follow_mount_rcu(): verify that mount_lock remains unchanged
Validate mount_lock seqcount as soon as we cross into mount in RCU
mode. Sure, ->mnt_root is pinned and will remain so until we
do rcu_read_unlock() anyway, and we will eventually fail to unlazy if
the mount_lock had been touched, but we might run into a hard error
(e.g. -ENOENT) before trying to unlazy. And it's possible to end
up with RCU pathwalk racing with rename() and umount() in a way
that would fail with -ENOENT while non-RCU pathwalk would've
succeeded with any timings.
Once upon a time we hadn't needed that, but analysis had been subtle,
brittle and went out of window as soon as RENAME_EXCHANGE had been
added.
It's narrow, hard to hit and won't get you anything other than
stray -ENOENT that could be arranged in much easier way with the
same priveleges, but it's a bug all the same.
Cc: stable@kernel.org
X-sky-is-falling: unlikely
Fixes: da1ce0670c
"vfs: add cross-rename"
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
b13baccc38
commit
20aac6c609
@ -1505,6 +1505,8 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
|
||||
* becoming unpinned.
|
||||
*/
|
||||
flags = dentry->d_flags;
|
||||
if (read_seqretry(&mount_lock, nd->m_seq))
|
||||
return false;
|
||||
continue;
|
||||
}
|
||||
if (read_seqretry(&mount_lock, nd->m_seq))
|
||||
|
Loading…
Reference in New Issue
Block a user