[Devel] [PATCH rh7] fs/namei.c: return error if nd->inode check is empty in handle_dotdot_rcu()

[Vasily Averin]

LOOKUP_RCU does not use dget/dput and have no protection agains
concurrent rmdir. On the other hand may_lookup() exepct that nd->inode
is not empty. Direct lookup guarantees this, non-RCU dotdot lookup
is not affected too because it uses dget. However follow_dotdot_rcu()
does not have a similar check.

This patch should prevent oops in may_lookup() in described scenario.

The problem was fixed in upstream long time ago, however it's too hard
to backport all f according patches correctly. So let's use minially
required change to protect vz7 kernels.

https://jira.sw.ru/browse/PSBM-92308
https://jira.sw.ru/browse/PSBM-128194
https://jira.sw.ru/browse/PSBM-136369
Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
---
 fs/namei.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/namei.c b/fs/namei.c
index 85c0ffa0c55c..869839ea2112 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1223,7 +1223,8 @@ static int follow_dotdot_rcu(struct nameidata *nd)
 			goto failed;
 	}
 	nd->inode = nd->path.dentry->d_inode;
-	return 0;
+	if (nd->inode)
+		return 0;
 
 failed:
 	nd->flags &= ~LOOKUP_RCU;
-- 
2.25.1