From: Maneesh Soni <maneesh@in.ibm.com>

o The following patch fixes is_subdir() races with d_move. Due to concurrent
  d_move, in is_subdir() we can end up accessing freed d_parent pointer in
  case of pre-emptible kernel. To avoid this we can use rcu_read_lock() and
  rcu_read_unlock().

o This also fixes the seqlock uses in is_subdir() as we need to restart the 
  the inner loop with the origianl new_dentry passed to the routine in case
  of any rename occured while we are traversing d_parent links.



---

 fs/dcache.c |    9 +++++++++
 1 files changed, 9 insertions(+)

diff -puN fs/dcache.c~is_subdir-locking-fix fs/dcache.c
--- 25/fs/dcache.c~is_subdir-locking-fix	2004-01-27 23:45:49.000000000 -0800
+++ 25-akpm/fs/dcache.c	2004-01-27 23:45:49.000000000 -0800
@@ -1434,15 +1434,23 @@ out:
  *
  * Returns 1 if new_dentry is a subdirectory of the parent (at any depth).
  * Returns 0 otherwise.
+ * Caller must ensure that "new_dentry" is pinned before calling is_subdir()
  */
   
 int is_subdir(struct dentry * new_dentry, struct dentry * old_dentry)
 {
 	int result;
+	struct dentry * saved = new_dentry;
 	unsigned long seq;
 
 	result = 0;
+	/* need rcu_readlock to protect against the d_parent trashing due to
+	 * d_move
+	 */
+	rcu_read_lock();
         do {
+		/* for restarting inner loop in case of seq retry */
+		new_dentry = saved;
 		seq = read_seqbegin(&rename_lock);
 		for (;;) {
 			if (new_dentry != old_dentry) {
@@ -1456,6 +1464,7 @@ int is_subdir(struct dentry * new_dentry
 			break;
 		}
 	} while (read_seqretry(&rename_lock, seq));
+	rcu_read_unlock();
 
 	return result;
 }

_