From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
CC: akpm@linux-foundation.org, nuxi@vault24.org
Date: Tue, 17 Feb 2015 01:46:53 +0000
Message-ID: <lsq.1424137613.56892113@decadent.org.uk>
Subject: [PATCH 3.2 148/152] vfs: Fix vfsmount_lock imbalance in path_init()
In-Reply-To: <lsq.1424137613.308090640@decadent.org.uk>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

3.2.67-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Ben Hutchings <ben@decadent.org.uk>

When backporting commit 4023bfc9f351 ("be careful with nd->inode in
path_init() and follow_dotdot_rcu()"), I failed to account for the
vfsmount_lock that is used in 3.2 but not upstream.  path_init() takes
the lock if performing RCU lookup, but must drop it if (and only if)
it subsequently fails.

Reported-by: nuxi@vault24.org
References: https://bugzilla.kernel.org/show_bug.cgi?id=92531
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Tested-by: nuxi@vault24.org
---
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1567,6 +1567,7 @@ static int path_init(int dfd, const char
 	if (!(nd->flags & LOOKUP_ROOT))
 		nd->root.mnt = NULL;
 	rcu_read_unlock();
+	br_read_unlock(vfsmount_lock);
 	return -ECHILD;
 
 fput_fail: