From: Stephen Smalley Looking at d_splice_alias, it appears that the security_d_instantiate call in the first case (where it ends up moving an entry in place of the given dentry) should be passing 'new' rather than 'dentry' to ensure that the passed dentry is associated with the inode. This patch should fix the problem. (Addresses bugzilla #2153) --- fs/dcache.c | 2 +- 1 files changed, 1 insertion(+), 1 deletion(-) diff -puN fs/dcache.c~security-oops-fix fs/dcache.c --- 25/fs/dcache.c~security-oops-fix 2004-02-20 08:00:14.000000000 -0800 +++ 25-akpm/fs/dcache.c 2004-02-20 08:00:14.000000000 -0800 @@ -895,7 +895,7 @@ struct dentry *d_splice_alias(struct ino new = list_entry(inode->i_dentry.next, struct dentry, d_alias); __dget_locked(new); spin_unlock(&dcache_lock); - security_d_instantiate(dentry, inode); + security_d_instantiate(new, inode); d_rehash(dentry); d_move(new, dentry); iput(inode); _