From: Aleksa Sarai cyphar@cyphar.com
commit 2b98149c2377bff12be5dd3ce02ae0506e2dd613 upstream.
It's over-zealous to return hard errors under RCU-walk here, given that a REF-walk will be triggered for all other cases handling ".." under RCU.
The original purpose of this check was to ensure that if a rename occurs such that a directory is moved outside of the bind-mount which the resolution started in, it would be detected and blocked to avoid being able to mess with paths outside of the bind-mount. However, triggering a new REF-walk is just as effective a solution.
Cc: "Eric W. Biederman" ebiederm@xmission.com Fixes: 397d425dc26d ("vfs: Test for and handle paths that are unreachable from their mnt_root") Suggested-by: Al Viro viro@zeniv.linux.org.uk Signed-off-by: Aleksa Sarai cyphar@cyphar.com Signed-off-by: Al Viro viro@zeniv.linux.org.uk Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- fs/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/namei.c +++ b/fs/namei.c @@ -1358,7 +1358,7 @@ static int follow_dotdot_rcu(struct name nd->path.dentry = parent; nd->seq = seq; if (unlikely(!path_connected(&nd->path))) - return -ENOENT; + return -ECHILD; break; } else { struct mount *mnt = real_mount(nd->path.mnt);