mntget(path->mnt) in do_follow_link() moved down to right before the
__do_follow_link() call and rigth after loop: resp.
dput()+mntput() on non-ELOOP branch moved up to right after __do_follow_link()
call.
resulting
loop:
mntget(path->mnt);
path_release(nd);
dput(path->mnt);
mntput(path->mnt);
replaced with equivalent
dput(path->mnt);
path_release(nd);
Equivalent transformations - the reason why we have that mntget() is that
__do_follow_link() can drop a reference to nd->mnt and that's what holds
path->mnt. So that call can happen at any point prior to __do_follow_link()
touching nd->mnt. The rest is obvious.
NOTE: current tree relies on symlinks *never* being mounted on anything. It's
not hard to get rid of that assumption (actually, that will come for free
later in the series). For now we are just not making the situation worse than
it is.
Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
static inline int do_follow_link(struct path *path, struct nameidata *nd)
{
int err = -ELOOP;
- mntget(path->mnt);
if (current->link_count >= MAX_NESTED_LINKS)
goto loop;
if (current->total_link_count >= 40)
current->link_count++;
current->total_link_count++;
nd->depth++;
+ mntget(path->mnt);
err = __do_follow_link(path->dentry, nd);
- current->link_count--;
- nd->depth--;
dput(path->dentry);
mntput(path->mnt);
+ current->link_count--;
+ nd->depth--;
return err;
loop:
- path_release(nd);
dput(path->dentry);
- mntput(path->mnt);
+ path_release(nd);
return err;
}