• Al Viro's avatar
    cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) · 169b8033
    Al Viro authored
    the victim might've been rmdir'ed just before the lock_rename();
    unlike the normal callers, we do not look the source up after the
    parents are locked - we know it beforehand and just recheck that it's
    still the child of what used to be its parent.  Unfortunately,
    the check is too weak - we don't spot a dead directory since its
    ->d_parent is unchanged, dentry is positive, etc.  So we sail all
    the way to ->rename(), with hosting filesystems _not_ expecting
    to be asked renaming an rmdir'ed subdirectory.
    
    The fix is easy, fortunately - the lock on parent is sufficient for
    making IS_DEADDIR() on child safe.
    
    Cc: stable@vger.kernel.org
    Fixes: 9ae326a6 (CacheFiles: A cache that backs onto a mounted filesystem)
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    169b8033
Name
Last commit
Last update
..
Kconfig Loading commit data...
Makefile Loading commit data...
bind.c Loading commit data...
daemon.c Loading commit data...
interface.c Loading commit data...
internal.h Loading commit data...
key.c Loading commit data...
main.c Loading commit data...
namei.c Loading commit data...
proc.c Loading commit data...
rdwr.c Loading commit data...
security.c Loading commit data...
xattr.c Loading commit data...