Wrapfs: fix NULL pointer dereference when stacking wrapfs on top of itself.

Wrapfs assumes that the d_fsdata field has already been initialized whenever
it is passed one of its own dentries, but it doesn't give the lower fs a chance
to allocate their d_fsdata field when it creates a new lower_dentry. This is
fixed by simply replacing a call to d_add in __wrapfs_lookup with a call to
->lookup on the lower fs inode.

Signed-off-by: Andrew Burford <aburford@cs.stonybrook.edu>

diff --git a/fs/wrapfs/lookup.c b/fs/wrapfs/lookup.c
index 7c78d5a4a30fcc3c2fd73fc3340661a966c6e3bb..b166c0e50b98643b668a42caf7041d8723a81b52 100644 (file)
--- a/fs/wrapfs/lookup.c
+++ b/fs/wrapfs/lookup.c
@@ -260,7 +260,14 @@ static struct dentry *__wrapfs_lookup(struct dentry *dentry,
                err = -ENOMEM;
                goto out;
        }
-       d_add(lower_dentry, NULL); /* instantiate and hash */
+
+       /*
+        * Calling ->lookup instead of d_add will give the lower fs a chance
+        * to allocate the d_fsdata field but will still instantiate and hash the
+        * lower_dentry. Without this, wrapfs could not stack on top of itself.
+        */
+       d_inode(lower_dir_dentry)
+               ->i_op->lookup(d_inode(lower_dir_dentry), lower_dentry, flags);
 
 setup_lower:
        lower_path.dentry = lower_dentry;