Commit:     c3724b129b5a1a1789a2dc5348685a236ae02479
Parent:     6d205f120547043de663315698dcf5f0eaa31b5c
Author:     Jeff Mahoney <[EMAIL PROTECTED]>
AuthorDate: Wed Apr 11 23:28:46 2007 -0700
Committer:  Linus Torvalds <[EMAIL PROTECTED]>
CommitDate: Thu Apr 12 15:31:42 2007 -0700

    [PATCH] autofs4: fix race in unhashed dentry code
    Commit f50b6f8691cae2e0064c499dd3ef3f31142987f0 introduced a race in
    autofs4 between autofs_lookup_unhashed() and autofs_dentry_release().
    autofs_dentry_release() ends up clearing the ->dentry and ->inode members
    of autofs_info before removing it from the rehash list.  The list is
    protected by the rehash lock in both functions, but since
    autofs_dentry_release() starts tearing the autofs_info struct down before
    removing it from the list, autofs_lookup_unhashed() can get a autofs_info
    with a NULL dentry.
    This patch moves the clearing of ->dentry and ->inode after the removal
    from the rehash list.
    Signed-off-by: Jeff Mahoney <[EMAIL PROTECTED]>
    Acked-by: Ian Kent <[EMAIL PROTECTED]>
    Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
    Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
 fs/autofs4/root.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/autofs4/root.c b/fs/autofs4/root.c
index b463104..d0e9b3a 100644
--- a/fs/autofs4/root.c
+++ b/fs/autofs4/root.c
@@ -470,9 +470,6 @@ void autofs4_dentry_release(struct dentry *de)
        if (inf) {
                struct autofs_sb_info *sbi = autofs4_sbi(de->d_sb);
-               inf->dentry = NULL;
-               inf->inode = NULL;
                if (sbi) {
                        if (!list_empty(&inf->rehash))
@@ -480,6 +477,9 @@ void autofs4_dentry_release(struct dentry *de)
+               inf->dentry = NULL;
+               inf->inode = NULL;
