[PATCH 1/2] fs: unreference path on file close

[Sascha Hauer]

Since commit 83ffe89840e8 ("fs: use filename_create/filename_lookup
instead of open-coding") we no longer open-code the file lookup during
openat(). Unlike the open-coded variant filename_lookup() keeps a
reference to the file which is now leaked and the filesystem cannot be
unmounted anymore:

umount: Device or resource busy

Since commit a1da0079d162 ("fs: implement opendir in terms of fdopendir")
this also happens when just a directory is opened.

The original code was not quite correct: After calling terminate_walk()
we no longer held a reference to the path for an opened file. Transfer
the path to the already existing f_path in struct file and unreference
it a close() time.

Fixes: 83ffe89840e8 ("fs: use filename_create/filename_lookup instead of open-coding")
Fixes: a1da0079d162 ("fs: implement opendir in terms of fdopendir")
Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
---
 fs/fs.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/fs/fs.c b/fs/fs.c
index d401268c1e..18343552a7 100644
--- a/fs/fs.c
+++ b/fs/fs.c
@@ -330,7 +330,7 @@ static void put_file(struct file *f)
 	f->path = NULL;
 	f->fsdev = NULL;
 	iput(f->f_inode);
-	dput(f->f_dentry);
+	path_put(&f->f_path);
 }
 
 static struct file *fd_to_file(int fd, bool o_path_ok)
@@ -2550,7 +2550,7 @@ int openat(int dirfd, const char *pathname, int flags)
 	int error = 0;
 	struct inode *inode = NULL;
 	struct dentry *dentry = NULL;
-	struct path path;
+	struct path path = {};
 
 	if (flags & O_TMPFILE) {
 		error = filename_lookup(dirfd, getname(pathname), LOOKUP_DIRECTORY, &path);
@@ -2628,11 +2628,12 @@ int openat(int dirfd, const char *pathname, int flags)
 	f = get_file(fsdev);
 	if (!f) {
 		error = -EMFILE;
+		path_put(&path);
 		goto out1;
 	}
 
 	f->path = dpath(dentry, d_root);
-	f->f_dentry = dentry;
+	f->f_path = path;
 	f->f_inode = iget(inode);
 	f->f_flags = flags;
 
-- 
2.39.5