From: Al Viro
Subject: Re: Intentionally corrupted vfat fs causing BUG
Date: Thu, 23 Oct 2014 17:16:06 +0100
Message-ID: <20141023161606.GC7996@ZenIV.linux.org.uk>
In-Reply-To: <20141023160106.GB7996@ZenIV.linux.org.uk>
References: <87h9z97aoh.fsf@devron.myhome.or.jp> <8761fo7667.fsf@devron.myhome.or.jp> <543B8BC7.1040501@nod.at> <87y4sk5pul.fsf@devron.myhome.or.jp> <543B8FA7.9000106@nod.at> <87r3yc5oqt.fsf@devron.myhome.or.jp> <5443E87A.2060207@nod.at> <87oat29551.fsf@devron.myhome.or.jp> <20141023160106.GB7996@ZenIV.linux.org.uk>
To: OGAWA Hirofumi
Cc: Richard Weinberger, Sami Liedes, linux-fsdevel

On Thu, Oct 23, 2014 at 05:01:06PM +0100, Al Viro wrote:

> Hmm... Why hadn't d_splice_alias() caught that, though?

Aha. It's not namei_msdos.c part, it's namei_vfat.c one. And there we
don't call d_splice_alias() on the affected path...

OK, so your check isn't enough. What we need there is this:

	if (alias && alias->d_parent == dentry->d_parent && ...)

Otherwise that d_move() isn't safe at all. Moreover, for directories we
don't want to bother with that codepath at all - d_splice_alias() will do
that d_move() just fine there.