On Wed, 2007-04-11 at 11:05 -0400, Jeff Mahoney wrote:
> Commit f50b6f8691cae2e0064c499dd3ef3f31142987f0 introduced a
> race in autofs4 between autofs_lookup_unhashed() and
> autofs_dentry_release().
>
> autofs_dentry_release() ends up clearing the ->dentry and ->inode
> members of autofs_info before removing it from the rehash list. The
> list is protected by the rehash lock in both functions, but
> since autofs_dentry_release() starts tearing the autofs_info struct
> down before removing it from the list, autofs_lookup_unhashed() can
> get a autofs_info with a NULL dentry.
>
> This patch moves the clearing of ->dentry and ->inode after the removal
> from the rehash list.
Oh .. excellent, I had a bug report but I just couldn't see it for
looking.
You've made my day.
Thanks heaps
Ian
>
> Signed-off-by: Jeff Mahoney <[email protected]>
Acked-by: Ian Kent <[email protected]>
>
> ---
>
> fs/autofs4/root.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> --- a/fs/autofs4/root.c 2007-04-11 09:41:44.000000000 -0400
> +++ b/fs/autofs4/root.c 2007-04-11 10:54:37.000000000 -0400
> @@ -470,9 +470,6 @@ void autofs4_dentry_release(struct dentr
> if (inf) {
> struct autofs_sb_info *sbi = autofs4_sbi(de->d_sb);
>
> - inf->dentry = NULL;
> - inf->inode = NULL;
> -
> if (sbi) {
> spin_lock(&sbi->rehash_lock);
> if (!list_empty(&inf->rehash))
> @@ -480,6 +477,9 @@ void autofs4_dentry_release(struct dentr
> spin_unlock(&sbi->rehash_lock);
> }
>
> + inf->dentry = NULL;
> + inf->inode = NULL;
> +
> autofs4_free_ino(inf);
> }
> }
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
