• Al Viro's avatar
    fix open/umount race · d893f1bc
    Al Viro authored
    nameidata_to_filp() drops nd->path or transfers it to opened
    file.  In the former case it's a Bad Idea(tm) to do mnt_drop_write()
    on nd->path.mnt, since we might race with umount and vfsmount in
    question might be gone already.
    Fix: don't drop it, then...  IOW, have nameidata_to_filp() grab nd->path
    in case it transfers it to file and do path_drop() in callers.  After
    they are through with accessing nd->path...
    Reported-by: default avatarMiklos Szeredi <miklos@szeredi.hu>
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
open.c 23.7 KB