From mboxrd@z Thu Jan  1 00:00:00 1970
From: Al Viro <viro@ZenIV.linux.org.uk>
Subject: Re: [PATCH] 2.6.39/40 kernel BUG at fs/namei.c:1381
Date: Sat, 21 May 2011 23:27:37 +0100
Message-ID: <20110521222737.GH19987@ZenIV.linux.org.uk>
References: <EB998D26-7B85-41ED-B279-A9DBCB67AF9A@fsl.cs.sunysb.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	akpm@linux-foundation.org, Christoph Hellwig <hch@infradead.org>,
	linux-fsdevel@vger.kernel.org, stable@kernel.org
To: Erez Zadok <ezk@fsl.cs.sunysb.edu>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from zeniv.linux.org.uk ([195.92.253.2]:37225 "EHLO
	ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753349Ab1EUW1o (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Sat, 21 May 2011 18:27:44 -0400
Content-Disposition: inline
In-Reply-To: <EB998D26-7B85-41ED-B279-A9DBCB67AF9A@fsl.cs.sunysb.edu>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Sat, May 21, 2011 at 01:19:59AM -0400, Erez Zadok wrote:
> VFS: move BUG_ON test for symlink nd->depth after current->link_count test
> 
> This solves a serious VFS-level bug in nested_symlink (which was rewritten from
> do_follow_link), and follows the order of depth tests that existed before.
> The bug triggers a BUG_ON in fs/namei.c:1381, when running racer with
> symlink and rename ops.

Racer has nothing to do with that; just a deeply nested symlink in the middle
of pathname will do.

> -	BUG_ON(nd->depth >= MAX_NESTED_LINKS);
>  	if (unlikely(current->link_count >= MAX_NESTED_LINKS)) {
>  		path_put_conditional(path, nd);
>  		path_put(&nd->path);
>  		return -ELOOP;
>  	}
> +	BUG_ON(nd->depth >= MAX_NESTED_LINKS);

ACK (and AFAICS Linus has already applied that).