commit c3724b129b5a1a1789a2dc5348685a236ae02479 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

[PATCH] autofs4: fix race in unhashed dentry code

Commit f50b6f8691cae2e0064c499dd3ef3f31142987f0 introduced a race in
autofs4 between autofs_lookup_unhashed() and autofs_dentry_release().

autofs_dentry_release() ends up clearing the ->dentry and ->inode members
of autofs_info before removing it from the rehash list. The list is
protected by the rehash lock in both functions, but since
autofs_dentry_release() starts tearing the autofs_info struct down before
removing it from the list, autofs_lookup_unhashed() can get a autofs_info
with a NULL dentry.

This patch moves the clearing of ->dentry and ->inode after the removal
from the rehash list.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-by: Ian Kent <raven@themaw.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by Jeff Mahoney and committed by Linus Torvalds 19 years ago c3724b12 6d205f12

+3 -3

1 changed file

expand all

unified split

autofs4

root.c

+3 -3

fs/autofs4/root.c

··· 470 470 if (inf) { 471 471 struct autofs_sb_info *sbi = autofs4_sbi(de->d_sb); 472 472 473 - inf->dentry = NULL; 474 - inf->inode = NULL; 475 - 476 473 if (sbi) { 477 474 spin_lock(&sbi->rehash_lock); 478 475 if (!list_empty(&inf->rehash)) 479 476 list_del(&inf->rehash); 480 477 spin_unlock(&sbi->rehash_lock); 481 478 } 479 + 480 + inf->dentry = NULL; 481 + inf->inode = NULL; 482 482 483 483 autofs4_free_ino(inf); 484 484 }