diff options
| author | Alexander Viro <viro@math.psu.edu> | 2002-07-21 06:26:17 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@home.transmeta.com> | 2002-07-21 06:26:17 -0700 |
| commit | 17191a2ce5fba8b2d0a3f68fe61e2c861ee65593 (patch) | |
| tree | a5916de22a750b4d37dd72252c555a31489b3bf2 /drivers/block/cpqarray.c | |
| parent | 30034e5669372b98adabc78117e9ab24efedb8b1 (diff) | |
[PATCH] fix for nfs_unlink and vfs_unlink
Ugh. nfs_unlink() is actually racy as hell - look what happens if
we enter it with ->d_count == 1, see that nfs_sillyrename() doesn't
need to do anything and call nfs_safe_remove(). In the meanwhile
somebody does dcache lookup (without going into NFS code - plain
and simple cache hit) and increments ->d_count. nfs_safe_remove()
decides that something is very rotten and fails.
AFAICS we should take the test for ->d_count + d_drop if it's 1
under dcache_lock (and in one place). Comments?
Proposed fix follows:
* dget/dput killed in vfs_unlink() (safely)
* nfs_unlink() starts with check for ->d_count (under dcache_lock)
* if it's > 1 - sillyrename
* if it is 1 - immediately unhash, then drop dcache_lock.
after that we do as in old variant, except that
rehashing is done in nfs_unlink() and only if there
was an error - if there was none we simply leave
d_delete() to vfs_unlink().
Diffstat (limited to 'drivers/block/cpqarray.c')
0 files changed, 0 insertions, 0 deletions