aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeff Mahoney <jeffm@suse.com>2007-04-12 02:28:46 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-04-12 18:31:42 -0400
commitc3724b129b5a1a1789a2dc5348685a236ae02479 (patch)
treed664a2d672b62c9bde71992cdd8e1b7904f5e3d0
parent6d205f120547043de663315698dcf5f0eaa31b5c (diff)
[PATCH] autofs4: fix race in unhashed dentry code
Commit f50b6f8691cae2e0064c499dd3ef3f31142987f0 introduced a race in autofs4 between autofs_lookup_unhashed() and autofs_dentry_release(). autofs_dentry_release() ends up clearing the ->dentry and ->inode members of autofs_info before removing it from the rehash list. The list is protected by the rehash lock in both functions, but since autofs_dentry_release() starts tearing the autofs_info struct down before removing it from the list, autofs_lookup_unhashed() can get a autofs_info with a NULL dentry. This patch moves the clearing of ->dentry and ->inode after the removal from the rehash list. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Acked-by: Ian Kent <raven@themaw.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--fs/autofs4/root.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/autofs4/root.c b/fs/autofs4/root.c
index b4631046867e..d0e9b3a3905d 100644
--- a/fs/autofs4/root.c
+++ b/fs/autofs4/root.c
@@ -470,9 +470,6 @@ void autofs4_dentry_release(struct dentry *de)
470 if (inf) { 470 if (inf) {
471 struct autofs_sb_info *sbi = autofs4_sbi(de->d_sb); 471 struct autofs_sb_info *sbi = autofs4_sbi(de->d_sb);
472 472
473 inf->dentry = NULL;
474 inf->inode = NULL;
475
476 if (sbi) { 473 if (sbi) {
477 spin_lock(&sbi->rehash_lock); 474 spin_lock(&sbi->rehash_lock);
478 if (!list_empty(&inf->rehash)) 475 if (!list_empty(&inf->rehash))
@@ -480,6 +477,9 @@ void autofs4_dentry_release(struct dentry *de)
480 spin_unlock(&sbi->rehash_lock); 477 spin_unlock(&sbi->rehash_lock);
481 } 478 }
482 479
480 inf->dentry = NULL;
481 inf->inode = NULL;
482
483 autofs4_free_ino(inf); 483 autofs4_free_ino(inf);
484 } 484 }
485} 485}