On Tue, 16 Oct 2007 15:35:57 -0400 "J. Bruce Fields" <[EMAIL PROTECTED]> wrote:
> From: J. Bruce Fields <[EMAIL PROTECTED]> > > Well, it's not especially important that target->d_iname get the > contents of dentry->d_iname, but it's important that it get initialized > with *something*, otherwise we're just exposing some random piece of > memory to anyone who reads the link at /proc/<pid>/fd/<fd> for the > deleted file, when it's still held open by someone. > hm, that was tricky. > --- > fs/dcache.c | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > > (Am I missing something? I've also run a test program that copies a > short (<36 character) name ontop of a long (>=36 character) name and see > that the first time I run it, without this patch, I get unpredicatable > results out of /proc/<pid>/fd/<fd>.) > > diff --git a/fs/dcache.c b/fs/dcache.c > index 5663a31..24252fc 100644 > --- a/fs/dcache.c > +++ b/fs/dcache.c > @@ -1483,6 +1483,8 @@ static void switch_names(struct dentry *dentry, struct > dentry *target) > * dentry:internal, target:external. Steal target's > * storage and make target internal. > */ > + memcpy(target->d_iname, dentry->d_name.name, > + dentry->d_name.len + 1); > dentry->d_name.name = target->d_name.name; > target->d_name.name = target->d_iname; > } Or we could just stick a \0 in there. Or perhaps we should set it to "(deleted file)"? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
