From ce285c267a003acbf607f3540ff71287f82e5282 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Tue, 2 Apr 2019 15:17:34 -0400
Subject: autofs: fix use-after-free in lockless ->d_manage()

autofs_d_release() can overlap with lockless ->d_manage(),
ending up with autofs_dentry_ino() freed under the latter.
Make freeing autofs_info instances RCU-delayed...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 fs/autofs/autofs_i.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'fs/autofs/autofs_i.h')

diff --git a/fs/autofs/autofs_i.h b/fs/autofs/autofs_i.h
index 70c132acdab1..e1091312abe1 100644
--- a/fs/autofs/autofs_i.h
+++ b/fs/autofs/autofs_i.h
@@ -71,6 +71,7 @@ struct autofs_info {
 
 	kuid_t uid;
 	kgid_t gid;
+	struct rcu_head rcu;
 };
 
 #define AUTOFS_INF_EXPIRING	(1<<0) /* dentry in the process of expiring */
-- 
cgit v1.2.3