brain-hackers_pepepper-mirror
/
linux-brain
mirror of https://github.com/brain-hackers/linux-brain.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

autofs: fix use-after-free in lockless ->d_manage() 

autofs_d_release() can overlap with lockless ->d_manage(),
ending up with autofs_dentry_ino() freed under the latter.
Make freeing autofs_info instances RCU-delayed...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro 2019-04-02 15:17:34 -04:00
parent 5467a68cbf
commit ce285c267a
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
fs/autofs/autofs_i.h
View File

@ -71,6 +71,7 @@ struct autofs_info {
kuid_t uid;
kgid_t gid;
struct rcu_head rcu;
};
#define AUTOFS_INF_EXPIRING (1<<0) /* dentry in the process of expiring */

2
fs/autofs/inode.c
View File

@ -36,7 +36,7 @@ void autofs_clean_ino(struct autofs_info *ino)
void autofs_free_ino(struct autofs_info *ino)
{
kfree(ino);
kfree_rcu(ino, rcu);
}
void autofs_kill_sb(struct super_block *sb)