[Devel] [PATCH rh7 05/14] dcache: close d_move race in d_splice_alias

[Andrey Ryabinin]

From: "J. Bruce Fields" <bfields at redhat.com>

d_splice_alias will d_move an IS_ROOT() directory dentry into place if
one exists.  This should be safe as long as the dentry remains IS_ROOT,
but I can't see what guarantees that: once we drop the i_lock all we
hold here is the i_mutex on an unrelated parent directory.

Instead copy the logic of d_materialise_unique.

Reviewed-by: Christoph Hellwig <hch at lst.de>
Signed-off-by: J. Bruce Fields <bfields at redhat.com>
Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
(cherry picked from commit 75a2352d0110960aeee1a28ddc09a55f97c99100)
Signed-off-by: Andrey Ryabinin <aryabinin at virtuozzo.com>
---
 fs/dcache.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/dcache.c b/fs/dcache.c
index 3f6a128e6c20..59760ae9b3fa 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2815,9 +2815,14 @@ struct dentry *d_splice_alias(struct inode *inode, struct dentry *dentry)
 		new = __d_find_alias(inode, 1);
 		if (new) {
 			BUG_ON(!(new->d_flags & DCACHE_DISCONNECTED));
+			write_seqlock(&rename_lock);
+			__d_materialise_dentry(dentry, new);
+			write_sequnlock(&rename_lock);
+			__d_drop(new);
+			_d_rehash(new);
+			spin_unlock(&new->d_lock);
 			spin_unlock(&inode->i_lock);
 			security_d_instantiate(new, inode);
-			d_move(new, dentry);
 			iput(inode);
 		} else {
 			/* already taking inode->i_lock, so d_add() by hand */
-- 
2.21.0