autofs: fix use-after-free in lockless ->d_manage()
autofs_d_release() can overlap with lockless ->d_manage(), ending up with autofs_dentry_ino() freed under the latter. Make freeing autofs_info instances RCU-delayed... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
5467a68cbf
commit
ce285c267a
@ -71,6 +71,7 @@ struct autofs_info {
|
||||
|
||||
kuid_t uid;
|
||||
kgid_t gid;
|
||||
struct rcu_head rcu;
|
||||
};
|
||||
|
||||
#define AUTOFS_INF_EXPIRING (1<<0) /* dentry in the process of expiring */
|
||||
|
@ -36,7 +36,7 @@ void autofs_clean_ino(struct autofs_info *ino)
|
||||
|
||||
void autofs_free_ino(struct autofs_info *ino)
|
||||
{
|
||||
kfree(ino);
|
||||
kfree_rcu(ino, rcu);
|
||||
}
|
||||
|
||||
void autofs_kill_sb(struct super_block *sb)
|
||||
|
Loading…
Reference in New Issue
Block a user