diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2009-03-31 04:36:33 +0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-04-01 07:00:25 +0400 |
commit | f8ef3ed2bebd2c4cb9ece92efa185d7aead8831a (patch) | |
tree | f6208725f0b2ecd43e393435fa7fb8ad1be1b14b | |
parent | 11d06b2a1e5658f448a308aa3beb97bacd64a940 (diff) | |
download | linux-f8ef3ed2bebd2c4cb9ece92efa185d7aead8831a.tar.xz |
Get rid of bumping fs_struct refcount in pivot_root(2)
Not because execve races with _that_ are serious - we really
need a situation when final drop of fs_struct refcount is
done by something that used to have it as current->fs.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | fs/namespace.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/fs/namespace.c b/fs/namespace.c index 0a42e0e96027..f7ec283ccfbb 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -2131,25 +2131,33 @@ static void chroot_fs_refs(struct path *old_root, struct path *new_root) { struct task_struct *g, *p; struct fs_struct *fs; + int count = 0; read_lock(&tasklist_lock); do_each_thread(g, p) { task_lock(p); fs = p->fs; if (fs) { - atomic_inc(&fs->count); - task_unlock(p); + write_lock(&fs->lock); if (fs->root.dentry == old_root->dentry - && fs->root.mnt == old_root->mnt) - set_fs_root(fs, new_root); + && fs->root.mnt == old_root->mnt) { + path_get(new_root); + fs->root = *new_root; + count++; + } if (fs->pwd.dentry == old_root->dentry - && fs->pwd.mnt == old_root->mnt) - set_fs_pwd(fs, new_root); - put_fs_struct(fs); - } else - task_unlock(p); + && fs->pwd.mnt == old_root->mnt) { + path_get(new_root); + fs->pwd = *new_root; + count++; + } + write_unlock(&fs->lock); + } + task_unlock(p); } while_each_thread(g, p); read_unlock(&tasklist_lock); + while (count--) + path_put(old_root); } /* |