[PATCH] namei fixes (16/19)
Conditional mntput() moved into __do_follow_link(). There it collapses with
unconditional mntget() on the same sucker, closing another too-early-mntput()
race.
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
diff --git a/fs/namei.c b/fs/namei.c
index 6a88468..444086d 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -506,7 +506,8 @@
touch_atime(nd->mnt, dentry);
nd_set_link(nd, NULL);
- mntget(path->mnt);
+ if (path->mnt == nd->mnt)
+ mntget(path->mnt);
error = dentry->d_inode->i_op->follow_link(dentry, nd);
if (!error) {
char *s = nd_get_link(nd);
@@ -543,8 +544,6 @@
current->link_count++;
current->total_link_count++;
nd->depth++;
- if (path->mnt != nd->mnt)
- mntput(path->mnt);
err = __do_follow_link(path, nd);
current->link_count--;
nd->depth--;
@@ -1550,8 +1549,6 @@
error = security_inode_follow_link(path.dentry, nd);
if (error)
goto exit_dput;
- if (nd->mnt != path.mnt)
- mntput(path.mnt);
error = __do_follow_link(&path, nd);
if (error)
return error;