autofs4: fix waitq locking

The autofs4_catatonic_mode() function accesses the wait queue without any locking but can be called at any time. This could lead to a possible double free of the name field of the wait and a double fput of the daemon communication pipe or an fput of a NULL file pointer. Signed-off-by: Ian Kent <raven@themaw.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Ian Kent <raven@themaw.net> 2008-07-23 21:30:17 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> 2008-07-24 10:47:32 -0700
commit: 5a11d4d0ee1ff284271f7265929d07ea4a1168a6 (patch)
tree: 4b9b76486afa5d9fc29216df069c5a557e09011a /fs/autofs4/inode.c
parent: 70b52a0a5005ce6a0ceec56e97222437a0ba7506 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/autofs4/inode.c b/fs/autofs4/inode.c
index e3e70994ab46..7bb3e5ba0537 100644
--- a/fs/autofs4/inode.c
+++ b/fs/autofs4/inode.c
@@ -163,8 +163,8 @@ void autofs4_kill_sb(struct super_block *sb)
 	if (!sbi)
 		goto out_kill_sb;
 
-	if (!sbi->catatonic)
-		autofs4_catatonic_mode(sbi); /* Free wait queues, close pipe */
+	/* Free wait queues, close pipe */
+	autofs4_catatonic_mode(sbi);
 
 	/* Clean up and release dangling references */
 	autofs4_force_release(sbi);
author	Ian Kent <raven@themaw.net>	2008-07-23 21:30:17 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	2008-07-24 10:47:32 -0700
commit	5a11d4d0ee1ff284271f7265929d07ea4a1168a6 (patch)
tree	4b9b76486afa5d9fc29216df069c5a557e09011a /fs/autofs4/inode.c
parent	70b52a0a5005ce6a0ceec56e97222437a0ba7506 (diff)