NFS: Fix a race in nfs_call_unlink()

We should check that the filehandles match before transferring the
sillyrename data to the newly looked-up dentry in case the name was
reused on the server.

Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

diff --git a/fs/nfs/unlink.c b/fs/nfs/unlink.c
index 9697cd5d2561c3064bf4d16f7b05aa92b87e34a1..150a953a8be946e6f8e75b92e7e89a2c6c5ff141 100644 (file)
--- a/fs/nfs/unlink.c
+++ b/fs/nfs/unlink.c
@@ -139,6 +139,7 @@ static int nfs_call_unlink(struct dentry *dentry, struct inode *inode, struct nf
                 */
                spin_lock(&alias->d_lock);
                if (d_really_is_positive(alias) &&
+                   !nfs_compare_fh(NFS_FH(inode), NFS_FH(d_inode(alias))) &&
                    !(alias->d_flags & DCACHE_NFSFS_RENAMED)) {
                        devname_garbage = alias->d_fsdata;
                        alias->d_fsdata = data;