From: Jeff Mahoney
Date: Thu, 12 Apr 2007 06:28:46 +0000 (-0700)
Subject: [PATCH] autofs4: fix race in unhashed dentry code
X-Git-Tag: firefly_0821_release~30380
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=c3724b129b5a1a1789a2dc5348685a236ae02479;p=firefly-linux-kernel-4.4.55.git

[PATCH] autofs4: fix race in unhashed dentry code

Commit f50b6f8691cae2e0064c499dd3ef3f31142987f0 introduced a race in autofs4 between autofs_lookup_unhashed() and autofs_dentry_release(). autofs_dentry_release() ends up clearing the ->dentry and ->inode members of autofs_info before removing it from the rehash list. The list is protected by the rehash lock in both functions, but since autofs_dentry_release() starts tearing the autofs_info struct down before removing it from the list, autofs_lookup_unhashed() can get an autofs_info with a NULL dentry.

This patch moves the clearing of ->dentry and ->inode after the removal from the rehash list.

Signed-off-by: Jeff Mahoney
Acked-by: Ian Kent
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
---
diff --git a/fs/autofs4/root.c b/fs/autofs4/root.c index b4631046867e..d0e9b3a3905d 100644 --- a/fs/autofs4/root.c +++ b/fs/autofs4/root.c @@ -470,9 +470,6 @@ void autofs4_dentry_release(struct dentry *de) if (inf) { struct autofs_sb_info *sbi = autofs4_sbi(de->d_sb); - inf->dentry = NULL; - inf->inode = NULL; - if (sbi) { spin_lock(&sbi->rehash_lock); if (!list_empty(&inf->rehash)) @@ -480,6 +477,9 @@ void autofs4_dentry_release(struct dentry *de) spin_unlock(&sbi->rehash_lock); } + inf->dentry = NULL; + inf->inode = NULL; + autofs4_free_ino(inf); } }
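
Review bot: in the first hunk (@@ -470,9 +470,6 @@) the unlink from the rehash list is still guarded by `if (sbi)`, so when autofs4_sbi(de->d_sb) returns NULL the entry is never taken off the list, yet the code after the block still clears and frees it. If sbi cannot be NULL on this path, a one-line comment saying so (or dropping the check) would make the new ordering guarantee unconditional; if it can be NULL, the free should not proceed on an entry that may still be linked.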
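
Review bot: in the second hunk (@@ -480,6 +477,9 @@) the stores `inf->dentry = NULL;` and `inf->inode = NULL;` now run after `spin_unlock(&sbi->rehash_lock)`, immediately before autofs4_free_ino(inf), so the fix is only complete if the lookup side pins the dentry while it still holds rehash_lock. autofs_lookup_unhashed() is not part of this diff; please confirm it takes its reference before dropping the lock, otherwise a reader that found the entry just before the list removal can still see the cleared fields or the freed struct. A short comment above the two stores stating that they must follow the unlink would also keep a later cleanup from moving them back above the lock.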