CIFS: Fix oops while mounting with prefixpath

Message ID	1311602350-10857-1-git-send-email-piastryyy@gmail.com (mailing list archive)
State	New, archived
Headers	show Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter1.kernel.org (8.14.4/8.14.4) with ESMTP id p6PDxLgk007903 for <patchwork-linux-cifs@patchwork.kernel.org>; Mon, 25 Jul 2011 13:59:21 GMT From: Pavel Shilovsky <piastryyy@gmail.com> To: linux-cifs@vger.kernel.org Cc: viro@zeniv.linux.org.uk, smfrench@gmail.com, Jeff Layton <jlayton@redhat.com> Subject: [PATCH] CIFS: Fix oops while mounting with prefixpath Date: Mon, 25 Jul 2011 17:59:10 +0400 Message-Id: <1311602350-10857-1-git-send-email-piastryyy@gmail.com> Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk

Message ID

1311602350-10857-1-git-send-email-piastryyy@gmail.com (mailing list archive)

State

New, archived

Headers

From: Pavel Shilovsky <piastryyy@gmail.com>
To: linux-cifs@vger.kernel.org
Cc: viro@zeniv.linux.org.uk, smfrench@gmail.com,
	Jeff Layton <jlayton@redhat.com>
Subject: [PATCH] CIFS: Fix oops while mounting with prefixpath
Date: Mon, 25 Jul 2011 17:59:10 +0400
Message-Id: <1311602350-10857-1-git-send-email-piastryyy@gmail.com>
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk

Commit Message

Pavel Shilovsky July 25, 2011, 1:59 p.m. UTC

commit fec11dd9a0109fe52fd631e5c510778d6cbff6cc caused
a regression when we have already mounted //server/share/a
and want to mount //server/share/a/b.

The problem is that lookup_one_len calls __lookup_hash
with nd pointer as NULL. Then __lookup_hash calls
do_revalidate in the case when dentry exists and we end
up with NULL pointer deference in cifs_d_revalidate:

if (nd->flags & LOOKUP_RCU)
	return -ECHILD;

Fix this by checking nd for NULL.

Signed-off-by: Pavel Shilovsky <piastryyy@gmail.com>
---
 fs/cifs/dir.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Comments

Steve French July 25, 2011, 3:12 p.m. UTC | #1

makes sense.  Doesn't it need to be added to stable.

On Mon, Jul 25, 2011 at 8:59 AM, Pavel Shilovsky <piastryyy@gmail.com> wrote:
> commit fec11dd9a0109fe52fd631e5c510778d6cbff6cc caused
> a regression when we have already mounted //server/share/a
> and want to mount //server/share/a/b.
>
> The problem is that lookup_one_len calls __lookup_hash
> with nd pointer as NULL. Then __lookup_hash calls
> do_revalidate in the case when dentry exists and we end
> up with NULL pointer deference in cifs_d_revalidate:
>
> if (nd->flags & LOOKUP_RCU)
>        return -ECHILD;
>
> Fix this by checking nd for NULL.
>
> Signed-off-by: Pavel Shilovsky <piastryyy@gmail.com>
> ---
>  fs/cifs/dir.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
> index fa8c21d..d8d26f3 100644
> --- a/fs/cifs/dir.c
> +++ b/fs/cifs/dir.c
> @@ -641,7 +641,7 @@ lookup_out:
>  static int
>  cifs_d_revalidate(struct dentry *direntry, struct nameidata *nd)
>  {
> -       if (nd->flags & LOOKUP_RCU)
> +       if (nd && (nd->flags & LOOKUP_RCU))
>                return -ECHILD;
>
>        if (direntry->d_inode) {
> --
> 1.7.1
>
>

diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
index fa8c21d..d8d26f3 100644
--- a/fs/cifs/dir.c
+++ b/fs/cifs/dir.c
@@ -641,7 +641,7 @@  lookup_out:
 static int
 cifs_d_revalidate(struct dentry *direntry, struct nameidata *nd)
 {
-	if (nd->flags & LOOKUP_RCU)
+	if (nd && (nd->flags & LOOKUP_RCU))
 		return -ECHILD;
 
 	if (direntry->d_inode) {

CIFS: Fix oops while mounting with prefixpath

Commit Message

Comments

Patch