diff options
author | J. Bruce Fields <bfields@redhat.com> | 2019-08-15 16:18:26 -0400 |
---|---|---|
committer | J. Bruce Fields <bfields@redhat.com> | 2019-08-15 16:24:07 -0400 |
commit | bebd6997163addc1938db8c61754a23ffdf8ccc4 (patch) | |
tree | ede74ed1ac2d974bc81c8cea70bbc2c38bd04694 /fs/nfsd/nfsctl.c | |
parent | dc46bba709cfb45e4b2d40cf45aaeacb82690504 (diff) | |
download | lwn-bebd6997163addc1938db8c61754a23ffdf8ccc4.tar.gz lwn-bebd6997163addc1938db8c61754a23ffdf8ccc4.zip |
nfsd: initialize i_private before d_add
A process could race in an open and attempt to read one of these files
before i_private is initialized, and get a spurious error.
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/nfsd/nfsctl.c')
-rw-r--r-- | fs/nfsd/nfsctl.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c index b14f825c62fe..3cf4f6aa48d6 100644 --- a/fs/nfsd/nfsctl.c +++ b/fs/nfsd/nfsctl.c @@ -1171,13 +1171,17 @@ static struct inode *nfsd_get_inode(struct super_block *sb, umode_t mode) return inode; } -static int __nfsd_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) +static int __nfsd_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode, struct nfsdfs_client *ncl) { struct inode *inode; inode = nfsd_get_inode(dir->i_sb, mode); if (!inode) return -ENOMEM; + if (ncl) { + inode->i_private = ncl; + kref_get(&ncl->cl_ref); + } d_add(dentry, inode); inc_nlink(dir); fsnotify_mkdir(dir, dentry); @@ -1194,13 +1198,9 @@ static struct dentry *nfsd_mkdir(struct dentry *parent, struct nfsdfs_client *nc dentry = d_alloc_name(parent, name); if (!dentry) goto out_err; - ret = __nfsd_mkdir(d_inode(parent), dentry, S_IFDIR | 0600); + ret = __nfsd_mkdir(d_inode(parent), dentry, S_IFDIR | 0600, ncl); if (ret) goto out_err; - if (ncl) { - d_inode(dentry)->i_private = ncl; - kref_get(&ncl->cl_ref); - } out: inode_unlock(dir); return dentry; |