summaryrefslogtreecommitdiffstats
path: root/fs/autofs4/inode.c
diff options
context:
space:
mode:
authorIan Kent <raven@themaw.net>2008-07-24 06:30:17 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2008-07-24 19:47:32 +0200
commit5a11d4d0ee1ff284271f7265929d07ea4a1168a6 (patch)
tree4b9b76486afa5d9fc29216df069c5a557e09011a /fs/autofs4/inode.c
parentautofs4: use struct qstr in waitq.c (diff)
downloadlinux-5a11d4d0ee1ff284271f7265929d07ea4a1168a6.tar.xz
linux-5a11d4d0ee1ff284271f7265929d07ea4a1168a6.zip
autofs4: fix waitq locking
The autofs4_catatonic_mode() function accesses the wait queue without any locking but can be called at any time. This could lead to a possible double free of the name field of the wait and a double fput of the daemon communication pipe or an fput of a NULL file pointer. Signed-off-by: Ian Kent <raven@themaw.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/autofs4/inode.c')
-rw-r--r--fs/autofs4/inode.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c
index e3e70994ab46..7bb3e5ba0537 100644
--- a/fs/autofs4/inode.c
+++ b/fs/autofs4/inode.c
@@ -163,8 +163,8 @@ void autofs4_kill_sb(struct super_block *sb)
if (!sbi)
goto out_kill_sb;
- if (!sbi->catatonic)
- autofs4_catatonic_mode(sbi); /* Free wait queues, close pipe */
+ /* Free wait queues, close pipe */
+ autofs4_catatonic_mode(sbi);
/* Clean up and release dangling references */
autofs4_force_release(sbi);