@@ -2147,7 +2147,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
goto close_fail;
}
} else {
- struct inode *inode;
+ struct kstat stat;
if (cprm.limit < binfmt->min_coredump)
goto fail_unlock;
@@ -2158,8 +2158,10 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
if (IS_ERR(cprm.file))
goto fail_unlock;
- inode = cprm.file->f_path.dentry->d_inode;
- if (inode->i_nlink > 1)
+ if (vfs_getattr(cprm.file->f_path.mnt, cprm.file->f_path.dentry,
+ &stat))
+ goto close_fail;
+ if (stat.nlink > 1)
goto close_fail;
if (d_unhashed(cprm.file->f_path.dentry))
goto close_fail;
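Review bot: The new `vfs_getattr()` call has no comment saying why the attributes are now fetched through the filesystem rather than read from the in-core inode. This matters because all three checks against dumping into someone else's pre-created file (`stat.nlink > 1` here, `S_ISREG(stat.mode)` and `stat.uid != current_fsuid()` in the next hunk) depend on this one snapshot. I would add above the call `/* Ask the filesystem for current attributes: the cached inode fields may be stale (presumably on network/cluster filesystems). Any getattr failure refuses the dump. */`. Stating the fail-closed `goto close_fail` on error in that comment makes it less likely that a later cleanup lets a failed lookup fall through to the ownership checks with an unfilled `stat`. The body of `do_coredump` starts and ends outside these hunks, so the open flags and the later write path cannot be checked from here.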
@@ -2167,13 +2169,13 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
* AK: actually i see no reason to not allow this for named
* pipes etc, but keep the previous behaviour for now.
*/
- if (!S_ISREG(inode->i_mode))
+ if (!S_ISREG(stat.mode))
goto close_fail;
/*
* Dont allow local users get cute and trick others to coredump
* into their pre-created files.
*/
- if (inode->i_uid != current_fsuid())
+ if (stat.uid != current_fsuid())
goto close_fail;
if (!cprm.file->f_op || !cprm.file->f_op->write)
goto close_fail;