clean DCACHE_CANT_MOUNT in d_delete()
We set the "it's dead, don't mount on it" flag _and_ do not remove it if we turn the damn thing negative and leave it around. And if it goes positive afterwards, well... Fortunately, there's only one place where that needs to be caught: only d_delete() can turn the sucker negative without immediately freeing it; all other places that can lead to ->d_iput() call are followed by unconditionally freeing struct dentry in question. So the fix is obvious: Addresses https://bugzilla.kernel.org/show_bug.cgi?id=16014 Reported-by: Adam Tkac <vonsch@gmail.com> Tested-by: Adam Tkac <vonsch@gmail.com> Cc: <stable@kernel.org> [2.6.34.x] Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
d515e86e63
commit
13e3c5e5b9
@ -1529,6 +1529,7 @@ void d_delete(struct dentry * dentry)
|
|||||||
spin_lock(&dentry->d_lock);
|
spin_lock(&dentry->d_lock);
|
||||||
isdir = S_ISDIR(dentry->d_inode->i_mode);
|
isdir = S_ISDIR(dentry->d_inode->i_mode);
|
||||||
if (atomic_read(&dentry->d_count) == 1) {
|
if (atomic_read(&dentry->d_count) == 1) {
|
||||||
|
dentry->d_flags &= ~DCACHE_CANT_MOUNT;
|
||||||
dentry_iput(dentry);
|
dentry_iput(dentry);
|
||||||
fsnotify_nameremove(dentry, isdir);
|
fsnotify_nameremove(dentry, isdir);
|
||||||
return;
|
return;
|
||||||
|
Loading…
Reference in New Issue
Block a user