projects / GitHub / MotorolaMobilityLLC / kernel-slsi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4041bcd)
autofs4: catatonic_mode vs. notify_daemon race
authorAl Viro <viro@zeniv.linux.org.uk>
Wed, 11 Jan 2012 03:24:48 +0000 (22:24 -0500)
committerAl Viro <viro@zeniv.linux.org.uk>
Wed, 11 Jan 2012 05:19:58 +0000 (00:19 -0500)
we need to hold ->wq_mutex while we are forming the packet to send,
lest we have autofs4_catatonic_mode() setting wq->name.name to NULL
just as autofs4_notify_daemon() decides to memcpy() from it...

We do have check for catatonic mode immediately after that (under
->wq_mutex, as it ought to be) and packet won't be actually sent,
but it'll be too late for us if we oops on that memcpy() from NULL...

Fix is obvious - just extend the area covered by ->wq_mutex over
that switch and check whether it's catatonic *before* doing anything
else.

Acked-by: Ian Kent <raven@themaw.net>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/autofs4/waitq.c patch | blob | blame | history

diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
index c13273afd546d431f078157b521f7a8905833711..9a0256da5d5655c2578c021b375ea5dc382cd235 100644 (file)
--- a/fs/autofs4/waitq.c
+++ b/fs/autofs4/waitq.c
@@ -110,6 +110,13 @@ static void autofs4_notify_daemon(struct autofs_sb_info *sbi,
 
        pkt.hdr.proto_version = sbi->version;
        pkt.hdr.type = type;
+       mutex_lock(&sbi->wq_mutex);
+
+       /* Check if we have become catatonic */
+       if (sbi->catatonic) {
+               mutex_unlock(&sbi->wq_mutex);
+               return;
+       }
        switch (type) {
        /* Kernel protocol v4 missing and expire packets */
        case autofs_ptype_missing:
@@ -163,22 +170,18 @@ static void autofs4_notify_daemon(struct autofs_sb_info *sbi,
        }
        default:
                printk("autofs4_notify_daemon: bad type %d!\n", type);
+               mutex_unlock(&sbi->wq_mutex);
                return;
        }
 
-       /* Check if we have become catatonic */
-       mutex_lock(&sbi->wq_mutex);
-       if (!sbi->catatonic) {
-               pipe = sbi->pipe;
-               get_file(pipe);
-       }
+       pipe = sbi->pipe;
+       get_file(pipe);
+
        mutex_unlock(&sbi->wq_mutex);
 
-       if (pipe) {
-               if (autofs4_write(pipe, &pkt, pktsz))
-                       autofs4_catatonic_mode(sbi);
-               fput(pipe);
-       }
+       if (autofs4_write(pipe, &pkt, pktsz))
+               autofs4_catatonic_mode(sbi);
+       fput(pipe);
 }
 
 static int autofs4_getpath(struct autofs_sb_info *sbi,
Motorola kernel-slsi