From patchwork Fri Aug 5 13:02:40 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Layton X-Patchwork-Id: 1038482 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter2.kernel.org (8.14.4/8.14.4) with ESMTP id p75D2jhj017206 for ; Fri, 5 Aug 2011 13:02:45 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752805Ab1HENCo (ORCPT ); Fri, 5 Aug 2011 09:02:44 -0400 Received: from mx1.redhat.com ([209.132.183.28]:40537 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752764Ab1HENCn (ORCPT ); Fri, 5 Aug 2011 09:02:43 -0400 Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p75D2g6h001719 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 5 Aug 2011 09:02:42 -0400 Received: from tlielax.poochiereds.net (vpn-8-204.rdu.redhat.com [10.11.8.204]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id p75D2fRb017873; Fri, 5 Aug 2011 09:02:42 -0400 From: Jeff Layton To: smfrench@gmail.com Cc: viro@ZenIV.linux.org.uk, linux-cifs@vger.kernel.org, linux-fsdevel@vger.kernel.org Subject: [PATCH] cifs: cope with negative dentries in cifs_get_root Date: Fri, 5 Aug 2011 09:02:40 -0400 Message-Id: <1312549360-4317-1-git-send-email-jlayton@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22 Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter2.kernel.org [140.211.167.43]); Fri, 05 Aug 2011 13:02:45 +0000 (UTC) The loop around lookup_one_len doesn't handle the case where it might return a negative dentry, which can cause an oops on the next pass through the loop. Check for that and break out of the loop with an error of -ENOENT if there is one. Fixes the panic reported here: https://bugzilla.redhat.com/show_bug.cgi?id=727927 Reported-by: TR Bentley Reported-by: Iain Arnell Cc: Al Viro Cc: stable@kernel.org Signed-off-by: Jeff Layton Acked-by: Al Viro --- fs/cifs/cifsfs.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 212e562..f93eb94 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c @@ -563,6 +563,10 @@ cifs_get_root(struct smb_vol *vol, struct super_block *sb) mutex_unlock(&dir->i_mutex); dput(dentry); dentry = child; + if (!dentry->d_inode) { + dput(dentry); + dentry = ERR_PTR(-ENOENT); + } } while (!IS_ERR(dentry)); _FreeXid(xid); kfree(full_path);