autofs4: fix waitq locking The autofs4_catatonic_mode() function accesses the wait queue without any locking but can be called at any time. This could lead to a possible double free of the name field of the wait and a double fput of the daemon communication pipe or an fput of a NULL file pointer. Signed-off-by: Ian Kent <raven@themaw.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: 5a11d4d0ee1ff284271f7265929d07ea4a1168a6 [log] [tgz]
author: Ian Kent <raven@themaw.net> Wed Jul 23 21:30:17 2008 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> Thu Jul 24 10:47:32 2008 -0700
tree: 4b9b76486afa5d9fc29216df069c5a557e09011a
parent: 70b52a0a5005ce6a0ceec56e97222437a0ba7506 [diff] [blame]
diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c
index e3e7099..7bb3e5b 100644
--- a/fs/autofs4/inode.c
+++ b/fs/autofs4/inode.c

@@ -163,8 +163,8 @@
 	if (!sbi)
 		goto out_kill_sb;
 
-	if (!sbi->catatonic)
-		autofs4_catatonic_mode(sbi); /* Free wait queues, close pipe */
+	/* Free wait queues, close pipe */
+	autofs4_catatonic_mode(sbi);
 
 	/* Clean up and release dangling references */
 	autofs4_force_release(sbi);
commit	5a11d4d0ee1ff284271f7265929d07ea4a1168a6	[log] [tgz]
author	Ian Kent <raven@themaw.net>	Wed Jul 23 21:30:17 2008 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	Thu Jul 24 10:47:32 2008 -0700
tree	4b9b76486afa5d9fc29216df069c5a557e09011a
parent	70b52a0a5005ce6a0ceec56e97222437a0ba7506 [diff] [blame]