openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

nfsd: racy access to ->d_name in nsfd4_encode_path() 

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro 2013-09-01 16:06:39 -04:00
parent ca4e05195d
commit 301f0268b6
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
fs/nfsd/nfs4xdr.c
View File

@ -1816,10 +1816,7 @@ static __be32 nfsd4_encode_fs_location4(struct nfsd4_fs_location *location,
static __be32 nfsd4_encode_path(const struct path *root, static __be32 nfsd4_encode_path(const struct path *root,
const struct path *path, __be32 **pp, int *buflen) const struct path *path, __be32 **pp, int *buflen)
{ {
struct path cur = { struct path cur = *path;
.mnt = path->mnt,
.dentry = path->dentry,
};
__be32 *p = *pp; __be32 *p = *pp;
struct dentry **components = NULL; struct dentry **components = NULL;
unsigned int ncomponents = 0; unsigned int ncomponents = 0;
@ -1859,14 +1856,19 @@ static __be32 nfsd4_encode_path(const struct path *root,
while (ncomponents) { while (ncomponents) {
struct dentry *dentry = components[ncomponents - 1]; struct dentry *dentry = components[ncomponents - 1];
unsigned int len = dentry->d_name.len; unsigned int len;
spin_lock(&dentry->d_lock);
len = dentry->d_name.len;
*buflen -= 4 + (XDR_QUADLEN(len) << 2); *buflen -= 4 + (XDR_QUADLEN(len) << 2);
if (*buflen < 0) if (*buflen < 0) {
spin_unlock(&dentry->d_lock);
goto out_free; goto out_free;
}
WRITE32(len); WRITE32(len);
WRITEMEM(dentry->d_name.name, len); WRITEMEM(dentry->d_name.name, len);
dprintk("/%s", dentry->d_name.name); dprintk("/%s", dentry->d_name.name);
spin_unlock(&dentry->d_lock);
dput(dentry); dput(dentry);
ncomponents--; ncomponents--;
} }