I've found a race condition in autofs that could explain some of the
recent oops reports. In autofs/root.c, after doing a d_add(dentry,NULL)
there's a nice long pause for revalidation. But since the dentry hasn't
had its use count incremented, it may be possible for it to be released,
and after the lookup returns the trashed dentry might get used.
The attached patch bumps d_count around the revalidation to protect the
dentry.
Regards,
Bill
--------------BA1B12FC607F35504A74DA66
Content-Type: text/plain; charset=us-ascii; name="autofs48-patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="autofs48-patch"
--- fs/autofs/root.c.old Tue Aug 5 10:46:00 1997
+++ fs/autofs/root.c Fri Aug 8 11:00:38 1997
@@ -207,10 +207,16 @@
dentry->d_revalidate = autofs_revalidate;
dentry->d_flags |= DCACHE_AUTOFS_PENDING;
d_add(dentry, NULL);
+ /*
+ * The dentry's use count hasn't been bumped yet, so we do it
+ * here to protect it during revalidation.
+ */
+ dentry->d_count++;
up(&dir->i_sem);
autofs_revalidate(dentry);
down(&dir->i_sem);
+ dentry->d_count--;
return 0;
}
--------------BA1B12FC607F35504A74DA66--