Commit ce285c26 authored by Al Viro's avatar Al Viro

autofs: fix use-after-free in lockless ->d_manage()

autofs_d_release() can overlap with lockless ->d_manage(),
ending up with autofs_dentry_ino() freed under the latter.
Make freeing autofs_info instances RCU-delayed...
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 5467a68c
...@@ -71,6 +71,7 @@ struct autofs_info { ...@@ -71,6 +71,7 @@ struct autofs_info {
kuid_t uid; kuid_t uid;
kgid_t gid; kgid_t gid;
struct rcu_head rcu;
}; };
#define AUTOFS_INF_EXPIRING (1<<0) /* dentry in the process of expiring */ #define AUTOFS_INF_EXPIRING (1<<0) /* dentry in the process of expiring */
......
...@@ -36,7 +36,7 @@ void autofs_clean_ino(struct autofs_info *ino) ...@@ -36,7 +36,7 @@ void autofs_clean_ino(struct autofs_info *ino)
void autofs_free_ino(struct autofs_info *ino) void autofs_free_ino(struct autofs_info *ino)
{ {
kfree(ino); kfree_rcu(ino, rcu);
} }
void autofs_kill_sb(struct super_block *sb) void autofs_kill_sb(struct super_block *sb)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment