From: Stephen Smalley <sds@epoch.ncsc.mil>

Looking at d_splice_alias, it appears that the security_d_instantiate call
in the first case (where it ends up moving an entry in place of the given
dentry) should be passing 'new' rather than 'dentry' to ensure that the
passed dentry is associated with the inode.  This patch should fix the
problem.

(Addresses bugzilla #2153)


---

 fs/dcache.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

diff -puN fs/dcache.c~security-oops-fix fs/dcache.c
--- 25/fs/dcache.c~security-oops-fix	2004-02-20 08:00:14.000000000 -0800
+++ 25-akpm/fs/dcache.c	2004-02-20 08:00:14.000000000 -0800
@@ -895,7 +895,7 @@ struct dentry *d_splice_alias(struct ino
 			new = list_entry(inode->i_dentry.next, struct dentry, d_alias);
 			__dget_locked(new);
 			spin_unlock(&dcache_lock);
-			security_d_instantiate(dentry, inode);
+			security_d_instantiate(new, inode);
 			d_rehash(dentry);
 			d_move(new, dentry);
 			iput(inode);

_