[PATCH] autofs4: fix race in unhashed dentry code
authorJeff Mahoney <jeffm@suse.com>
Thu, 12 Apr 2007 06:28:46 +0000 (23:28 -0700)
committerLinus Torvalds <torvalds@woody.linux-foundation.org>
Thu, 12 Apr 2007 22:31:42 +0000 (15:31 -0700)
Commit f50b6f8691cae2e0064c499dd3ef3f31142987f0 introduced a race in
autofs4 between autofs_lookup_unhashed() and autofs_dentry_release().

autofs_dentry_release() ends up clearing the ->dentry and ->inode members
of autofs_info before removing it from the rehash list.  The list is
protected by the rehash lock in both functions, but since
autofs_dentry_release() starts tearing the autofs_info struct down before
removing it from the list, autofs_lookup_unhashed() can get a autofs_info
with a NULL dentry.

This patch moves the clearing of ->dentry and ->inode after the removal
from the rehash list.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-by: Ian Kent <raven@themaw.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/autofs4/root.c

index b4631046867e30a92e2bf5b866d9bc8a05e0c375..d0e9b3a3905d6e125a8d2fa2025251fbeab496ee 100644 (file)
@@ -470,9 +470,6 @@ void autofs4_dentry_release(struct dentry *de)
        if (inf) {
                struct autofs_sb_info *sbi = autofs4_sbi(de->d_sb);
 
-               inf->dentry = NULL;
-               inf->inode = NULL;
-
                if (sbi) {
                        spin_lock(&sbi->rehash_lock);
                        if (!list_empty(&inf->rehash))
@@ -480,6 +477,9 @@ void autofs4_dentry_release(struct dentry *de)
                        spin_unlock(&sbi->rehash_lock);
                }
 
+               inf->dentry = NULL;
+               inf->inode = NULL;
+
                autofs4_free_ino(inf);
        }
 }