[PATCH] namei fixes (13/19)

In open_namei() exit_dput: we have mntput() done in the wrong order -
if nd->mnt != path.mnt we end up doing
	mntput(nd->mnt);
	nd->mnt = path.mnt;
	dput(nd->dentry);
	mntput(nd->mnt);
which drops nd->dentry too late.  Fixed by having path.mnt go first.
That allows to switch O_NOFOLLOW under if (__follow_mount(...)) back
to exit_dput, while we are at it.

Fix for early-mntput() race + equivalent transformation.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/fs/namei.c b/fs/namei.c
index 37fcf94..5153f57 100644 (file)
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1501,11 +1501,8 @@ do_last:
 
        if (__follow_mount(&path)) {
                error = -ELOOP;
-               if (flag & O_NOFOLLOW) {
-                       dput(path.dentry);
-                       mntput(path.mnt);
-                       goto exit;
-               }
+               if (flag & O_NOFOLLOW)
+                       goto exit_dput;
        }
        error = -ENOENT;
        if (!path.dentry->d_inode)
@@ -1530,8 +1527,7 @@ ok:
 exit_dput:
        dput(path.dentry);
        if (nd->mnt != path.mnt)
-               mntput(nd->mnt);
-       nd->mnt = path.mnt;
+               mntput(path.mnt);
 exit:
        path_release(nd);
        return error;