* Without that kind of total limit, nasty chains of consecutive
* symlinks can cause almost arbitrarily long lookups.
*/
-static inline int do_follow_link(struct path *path, struct nameidata *nd)
+static inline int do_follow_link(struct inode *inode, struct path *path, struct nameidata *nd)
{
void *cookie;
int err = -ELOOP;
/* We drop rcu-walk here */
if (nameidata_dentry_drop_rcu_maybe(nd, path->dentry))
return -ECHILD;
+ BUG_ON(inode != path->dentry->d_inode);
if (current->link_count >= MAX_NESTED_LINKS)
goto loop;
goto out_dput;
if (inode->i_op->follow_link) {
- BUG_ON(inode != next.dentry->d_inode);
- err = do_follow_link(&next, nd);
+ err = do_follow_link(inode, &next, nd);
if (err)
goto return_err;
nd->inode = nd->path.dentry->d_inode;
break;
if (inode && unlikely(inode->i_op->follow_link) &&
(lookup_flags & LOOKUP_FOLLOW)) {
- BUG_ON(inode != next.dentry->d_inode);
- err = do_follow_link(&next, nd);
+ err = do_follow_link(inode, &next, nd);
if (err)
goto return_err;
nd->inode = nd->path.dentry->d_inode;
/* nd->path had been dropped */
current->total_link_count = 0;
nd->path = save;
+ nd->inode = save.dentry->d_inode;
path_get(&nd->path);
nd->flags |= LOOKUP_REVAL;
result = link_path_walk(name, nd);
/* !O_CREAT, simple open */
error = do_path_lookup(dfd, pathname, flags, &nd);
if (unlikely(error))
- goto out_filp;
+ goto out_filp2;
error = -ELOOP;
if (!(nd.flags & LOOKUP_FOLLOW)) {
if (nd.inode->i_op->follow_link)
- goto out_path;
+ goto out_path2;
}
error = -ENOTDIR;
if (nd.flags & LOOKUP_DIRECTORY) {
if (!nd.inode->i_op->lookup)
- goto out_path;
+ goto out_path2;
}
audit_inode(pathname, nd.path.dentry);
filp = finish_open(&nd, open_flag, acc_mode);
+out2:
release_open_intent(&nd);
return filp;
+out_path2:
+ path_put(&nd.path);
+out_filp2:
+ filp = ERR_PTR(error);
+ goto out2;
+
creat:
/* OK, have to create the file. Find the parent. */
error = path_init_rcu(dfd, pathname,