git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	NeilBrown <neil@brown.name>
	Thu, 13 Nov 2025 00:18:35 +0000 (11:18 +1100)
committer	Christian Brauner <brauner@kernel.org>
	Fri, 14 Nov 2025 12:15:58 +0000 (13:15 +0100)
commit	833d2b3a072f7ff6005bf84c065c7cbda81a8aaa
tree	4da3dc2db7f97c8c8d4c46672ac533f2cebbc17d	tree \| snapshot
parent	ac50950ca143fd637dec4f7457a9162e1a4344e8	commit \| diff

Add start_renaming_two_dentries()

A few callers want to lock for a rename and already have both dentries.
Also debugfs does want to perform a lookup but doesn't want permission
checking, so start_renaming_dentry() cannot be used.

This patch introduces start_renaming_two_dentries() which is given both
dentries.  debugfs performs one lookup itself.  As it will only continue
with a negative dentry and as those cannot be renamed or unlinked, it is
safe to do the lookup before getting the rename locks.

overlayfs uses start_renaming_two_dentries() in three places and  selinux
uses it twice in sel_make_policy_nodes().

In sel_make_policy_nodes() we now lock for rename twice instead of just
once so the combined operation is no longer atomic w.r.t the parent
directory locks.  As selinux_state.policy_mutex is held across the whole
operation this does not open up any interesting races.

Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: NeilBrown <neil@brown.name>
Link: https://patch.msgid.link/20251113002050.676694-13-neilb@ownmail.net
Signed-off-by: Christian Brauner <brauner@kernel.org>

fs/debugfs/inode.c		diff \| blob \| blame \| history
fs/namei.c		diff \| blob \| blame \| history
fs/overlayfs/dir.c		diff \| blob \| blame \| history
include/linux/namei.h		diff \| blob \| blame \| history
security/selinux/selinuxfs.c		diff \| blob \| blame \| history