8753333266
we need to hold ->wq_mutex while we are forming the packet to send, lest we have autofs4_catatonic_mode() setting wq->name.name to NULL just as autofs4_notify_daemon() decides to memcpy() from it... We do have check for catatonic mode immediately after that (under ->wq_mutex, as it ought to be) and packet won't be actually sent, but it'll be too late for us if we oops on that memcpy() from NULL... Fix is obvious - just extend the area covered by ->wq_mutex over that switch and check whether it's catatonic *before* doing anything else. Acked-by: Ian Kent <raven@themaw.net> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| autofs_i.h | ||
| dev-ioctl.c | ||
| expire.c | ||
| init.c | ||
| inode.c | ||
| root.c | ||
| symlink.c | ||
| waitq.c | ||