Re: Linux 2.4.33-rc1
From: Willy Tarreau
Date: Mon Jun 19 2006 - 04:09:00 EST
Hi Grant,
OK, it does *really* crash in vfs_unlink(), during the double_up on
dentry->inode-i_zombie (dentry->inode = NULL).
I suggest the following fix, I hope that it is correct and is not subject
to any race condition :
--- ./fs/namei.c.orig 2006-06-19 09:39:52.000000000 +0200
+++ ./fs/namei.c 2006-06-19 09:51:09.000000000 +0200
@@ -1478,12 +1478,14 @@
int vfs_unlink(struct inode *dir, struct dentry *dentry)
{
int error;
+ struct inode *inode;
error = may_delete(dir, dentry, 0);
if (error)
return error;
- double_down(&dir->i_zombie, &dentry->d_inode->i_zombie);
+ inode = dentry->d_inode;
+ double_down(&dir->i_zombie, &inode->i_zombie);
error = -EPERM;
if (dir->i_op && dir->i_op->unlink) {
DQUOT_INIT(dir);
@@ -1495,7 +1497,7 @@
unlock_kernel();
}
}
- double_up(&dir->i_zombie, &dentry->d_inode->i_zombie);
+ double_up(&dir->i_zombie, &inode->i_zombie);
if (!error) {
d_delete(dentry);
inode_dir_notify(dir, DN_DELETE);
I think it will *not* oops anymore with this fix, but I'd like someone to
review it to ensure that it is valid.
Cheers,
Willy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/