summaryrefslogtreecommitdiffstats
path: root/kernel/capability.c
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2012-01-11 04:24:48 +0100
committerAl Viro <viro@zeniv.linux.org.uk>2012-01-11 06:19:58 +0100
commit8753333266be67ff3a984ac1f6566d31c260bee4 (patch)
tree27a8565988791e2971d631e19c7a9a0057386668 /kernel/capability.c
parentautofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (diff)
downloadlinux-8753333266be67ff3a984ac1f6566d31c260bee4.tar.xz
linux-8753333266be67ff3a984ac1f6566d31c260bee4.zip
autofs4: catatonic_mode vs. notify_daemon race
we need to hold ->wq_mutex while we are forming the packet to send, lest we have autofs4_catatonic_mode() setting wq->name.name to NULL just as autofs4_notify_daemon() decides to memcpy() from it... We do have check for catatonic mode immediately after that (under ->wq_mutex, as it ought to be) and packet won't be actually sent, but it'll be too late for us if we oops on that memcpy() from NULL... Fix is obvious - just extend the area covered by ->wq_mutex over that switch and check whether it's catatonic *before* doing anything else. Acked-by: Ian Kent <raven@themaw.net> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel/capability.c')
0 files changed, 0 insertions, 0 deletions