diff options
| author | Ian Kent <raven@themaw.net> | 2008-07-24 00:30:17 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-24 13:47:32 -0400 |
| commit | 5a11d4d0ee1ff284271f7265929d07ea4a1168a6 (patch) | |
| tree | 4b9b76486afa5d9fc29216df069c5a557e09011a /fs/autofs4/inode.c | |
| parent | 70b52a0a5005ce6a0ceec56e97222437a0ba7506 (diff) | |
autofs4: fix waitq locking
The autofs4_catatonic_mode() function accesses the wait queue without any
locking but can be called at any time. This could lead to a possible
double free of the name field of the wait and a double fput of the daemon
communication pipe or an fput of a NULL file pointer.
Signed-off-by: Ian Kent <raven@themaw.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/autofs4/inode.c')
| -rw-r--r-- | fs/autofs4/inode.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c index e3e70994ab46..7bb3e5ba0537 100644 --- a/fs/autofs4/inode.c +++ b/fs/autofs4/inode.c | |||
| @@ -163,8 +163,8 @@ void autofs4_kill_sb(struct super_block *sb) | |||
| 163 | if (!sbi) | 163 | if (!sbi) |
| 164 | goto out_kill_sb; | 164 | goto out_kill_sb; |
| 165 | 165 | ||
| 166 | if (!sbi->catatonic) | 166 | /* Free wait queues, close pipe */ |
| 167 | autofs4_catatonic_mode(sbi); /* Free wait queues, close pipe */ | 167 | autofs4_catatonic_mode(sbi); |
| 168 | 168 | ||
| 169 | /* Clean up and release dangling references */ | 169 | /* Clean up and release dangling references */ |
| 170 | autofs4_force_release(sbi); | 170 | autofs4_force_release(sbi); |