[PATCH] autofs4: panic after mount fail

Resolve the panic on failed mount of an autofs filesystem originally
reported by Mao Bibo.

It addresses two issues that occur after the mount fails. The first is a NULL
pointer reference to a field (pipe) in the autofs superblock info structure,
and the second is the lack of superblock cleanup by the autofs and autofs4
modules.

Signed-off-by: Ian Kent <raven@themaw.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

authored by Ian Kent and committed by Linus Torvalds ba8df43c 6a34b57b

+32 -6
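--- a/fs/autofs/inode.c
+++ b/fs/autofs/inode.c
@@ -25,6 +25,14 @@
 struct autofs_sb_info *sbi = autofs_sbi(sb);
 unsigned int n;
 
+/*
+ * In the event of a failure in get_sb_nodev the superblock
+ * info is not present so nothing else has been setup, so
+ * just exit when we are called from deactivate_super.
+ */
+if (!sbi)
+return;
+
 if ( !sbi->catatonic )
 autofs_catatonic_mode(sbi); /* Free wait queues, close pipe */
 
@@ -136,7 +144,8 @@
 
 s->s_fs_info = sbi;
 sbi->magic = AUTOFS_SBI_MAGIC;
-sbi->catatonic = 0;
+sbi->pipe = NULL;
+sbi->catatonic = 1;
 sbi->exp_timeout = 0;
 sbi->oz_pgrp = process_group(current);
 autofs_initialize_hash(&sbi->dirhash);
@@ -180,6 +189,7 @@
 if ( !pipe->f_op || !pipe->f_op->write )
 goto fail_fput;
 sbi->pipe = pipe;
+sbi->catatonic = 0;
 
 /*
  * Success! Install the root dentry now to indicate completion.
@@ -198,6 +208,8 @@
 iput(root_inode);
 fail_free:
 kfree(sbi);
+s->s_fs_info = NULL;
+kill_anon_super(s);
 fail_unlock:
 return -EINVAL;
 }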
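Review bot: In the `fail_free` path, `kill_anon_super(s)` is now called from inside the fill-super routine, yet the comment this commit adds in the kill_sb hunk says deactivate_super still runs after a failure in get_sb_nodev. If so, the superblock is torn down here and then handled again by the caller, which risks a use-after-free or double release on a path that any failed mount can reach. I would leave teardown to the kill_sb callback: keep only `kfree(sbi); s->s_fs_info = NULL;` in `fail_free`, and, assuming kill_sb normally ends by calling kill_anon_super, change the `!sbi` branch to `kill_anon_super(sb); return;`. The same pattern is added in fs/autofs4/inode.c. Both functions start outside the visible hunks, so this needs confirming against the full get_sb_nodev error path.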
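--- a/fs/autofs/waitq.c
+++ b/fs/autofs/waitq.c
@@ -41,6 +41,7 @@
 wq = nwq;
 }
 fput(sbi->pipe); /* Close the pipe */
+sbi->pipe = NULL;
 autofs_hash_dputall(&sbi->dirhash); /* Remove all dentry pointers */
 }
 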
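Review bot: `fput(sbi->pipe)` stays unconditional here even though this commit makes NULL a normal value of `sbi->pipe` (set at init in inode.c and again on the added line), so nothing in the visible lines stops a NULL dereference if this runs before the pipe is installed or a second time. Safety then rests on every caller testing `sbi->catatonic` first, which only the kill_sb caller visibly does. A local guard, `if (sbi->pipe) { fput(sbi->pipe); sbi->pipe = NULL; }`, would make the function safe on its own; fs/autofs4/waitq.c goes the other way in this commit and removes exactly that guard. The function begins outside the hunk, so an early return on `sbi->catatonic` may already exist there and should be confirmed.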
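--- a/fs/autofs4/inode.c
+++ b/fs/autofs4/inode.c
@@ -99,6 +99,9 @@
 struct dentry *this_parent = sbi->sb->s_root;
 struct list_head *next;
 
+if (!sbi->sb->s_root)
+return;
+
 spin_lock(&dcache_lock);
 repeat:
 next = this_parent->d_subdirs.next;
@@ -145,6 +148,14 @@
 void autofs4_kill_sb(struct super_block *sb)
 {
 struct autofs_sb_info *sbi = autofs4_sbi(sb);
+
+/*
+ * In the event of a failure in get_sb_nodev the superblock
+ * info is not present so nothing else has been setup, so
+ * just exit when we are called from deactivate_super.
+ */
+if (!sbi)
+return;
 
 sb->s_fs_info = NULL;
 
@@ -310,7 +321,8 @@
 s->s_fs_info = sbi;
 sbi->magic = AUTOFS_SBI_MAGIC;
 sbi->pipefd = -1;
-sbi->catatonic = 0;
+sbi->pipe = NULL;
+sbi->catatonic = 1;
 sbi->exp_timeout = 0;
 sbi->oz_pgrp = process_group(current);
 sbi->sb = s;
@@ -388,6 +400,7 @@
 goto fail_fput;
 sbi->pipe = pipe;
 sbi->pipefd = pipefd;
+sbi->catatonic = 0;
 
 /*
  * Success! Install the root dentry now to indicate completion.
@@ -412,6 +425,8 @@
 kfree(ino);
 fail_free:
 kfree(sbi);
+s->s_fs_info = NULL;
+kill_anon_super(s);
 fail_unlock:
 return -EINVAL;
 }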
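Review bot: The added `if (!sbi->sb->s_root) return;` in the first hunk needs a comment, because nothing there says when a superblock reaches this function without a root dentry. Presumably it is the failed-mount path this commit targets, since the later hunk shows the root dentry being installed only on success. A line such as `/* No root dentry: the mount failed before it was installed, nothing to walk */` above the check would record that. It would also read more clearly to assign `this_parent` after the check rather than in the declaration before it. The function starts before the hunk and continues past it.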
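--- a/fs/autofs4/waitq.c
+++ b/fs/autofs4/waitq.c
@@ -41,10 +41,8 @@
 wake_up_interruptible(&wq->queue);
 wq = nwq;
 }
-if (sbi->pipe) {
-fput(sbi->pipe); /* Close the pipe */
-sbi->pipe = NULL;
-}
+fput(sbi->pipe); /* Close the pipe */
+sbi->pipe = NULL;
 }
 
 static int autofs4_write(struct file *file, const void *addr, int bytes)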