autofs4: catatonic_mode vs. notify_daemon race
we need to hold ->wq_mutex while we are forming the packet to send, lest we have autofs4_catatonic_mode() setting wq->name.name to NULL just as autofs4_notify_daemon() decides to memcpy() from it... We do have check for catatonic mode immediately after that (under ->wq_mutex, as it ought to be) and packet won't be actually sent, but it'll be too late for us if we oops on that memcpy() from NULL... Fix is obvious - just extend the area covered by ->wq_mutex over that switch and check whether it's catatonic *before* doing anything else. Acked-by: Ian Kent <raven@themaw.net> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
parent
4041bcdc7b
commit
8753333266
@ -110,6 +110,13 @@ static void autofs4_notify_daemon(struct autofs_sb_info *sbi,
|
|||||||
|
|
||||||
pkt.hdr.proto_version = sbi->version;
|
pkt.hdr.proto_version = sbi->version;
|
||||||
pkt.hdr.type = type;
|
pkt.hdr.type = type;
|
||||||
|
mutex_lock(&sbi->wq_mutex);
|
||||||
|
|
||||||
|
/* Check if we have become catatonic */
|
||||||
|
if (sbi->catatonic) {
|
||||||
|
mutex_unlock(&sbi->wq_mutex);
|
||||||
|
return;
|
||||||
|
}
|
||||||
switch (type) {
|
switch (type) {
|
||||||
/* Kernel protocol v4 missing and expire packets */
|
/* Kernel protocol v4 missing and expire packets */
|
||||||
case autofs_ptype_missing:
|
case autofs_ptype_missing:
|
||||||
@ -163,22 +170,18 @@ static void autofs4_notify_daemon(struct autofs_sb_info *sbi,
|
|||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
printk("autofs4_notify_daemon: bad type %d!\n", type);
|
printk("autofs4_notify_daemon: bad type %d!\n", type);
|
||||||
|
mutex_unlock(&sbi->wq_mutex);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check if we have become catatonic */
|
pipe = sbi->pipe;
|
||||||
mutex_lock(&sbi->wq_mutex);
|
get_file(pipe);
|
||||||
if (!sbi->catatonic) {
|
|
||||||
pipe = sbi->pipe;
|
|
||||||
get_file(pipe);
|
|
||||||
}
|
|
||||||
mutex_unlock(&sbi->wq_mutex);
|
mutex_unlock(&sbi->wq_mutex);
|
||||||
|
|
||||||
if (pipe) {
|
if (autofs4_write(pipe, &pkt, pktsz))
|
||||||
if (autofs4_write(pipe, &pkt, pktsz))
|
autofs4_catatonic_mode(sbi);
|
||||||
autofs4_catatonic_mode(sbi);
|
fput(pipe);
|
||||||
fput(pipe);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int autofs4_getpath(struct autofs_sb_info *sbi,
|
static int autofs4_getpath(struct autofs_sb_info *sbi,
|
||||||
|
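Review bot: The second hunk drops the old `if (pipe)` guard, so `get_file(pipe)` now relies on `sbi->pipe` being valid whenever `sbi->catatonic` is clear under ->wq_mutex, and nothing in the visible code states that invariant. The comment above the new check could carry it together with the reason for the wider lock, e.g. `/* wq_mutex held from here: catatonic mode may NULL wq->name.name; !catatonic implies sbi->pipe is set */`; the second half is inferred from the removed lines and should be confirmed against autofs4_catatonic_mode(). With the lock now spanning the switch, every early return has to unlock by hand (the `default:` branch does), and a single unlock label at the end of the function would make it harder for a later case to return with the mutex held. The switch cases between the two hunks are not shown here, so other return paths inside them could not be checked.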