VFS: move BUG_ON test for symlink nd->depth after current->link_count test

This solves a serious VFS-level bug in nested_symlink (which was
rewritten from do_follow_link), and follows the order of depth tests
that existed before.

The bug triggers a BUG_ON in fs/namei.c:1381, when running racer with
symlink and rename ops.

Signed-off-by: Erez Zadok <ezk@cs.sunysb.edu>
Acked-by: Miklos Szeredi <mszeredi@suse.cz>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Erez Zadok 2011-05-21 01:19:59 -04:00 committed by Linus Torvalds
parent 052497553e
commit 1a4022f88d

View File

@ -1378,12 +1378,12 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
{ {
int res; int res;
BUG_ON(nd->depth >= MAX_NESTED_LINKS);
if (unlikely(current->link_count >= MAX_NESTED_LINKS)) { if (unlikely(current->link_count >= MAX_NESTED_LINKS)) {
path_put_conditional(path, nd); path_put_conditional(path, nd);
path_put(&nd->path); path_put(&nd->path);
return -ELOOP; return -ELOOP;
} }
BUG_ON(nd->depth >= MAX_NESTED_LINKS);
nd->depth++; nd->depth++;
current->link_count++; current->link_count++;