diff options
author | Jeff Layton <jlayton@redhat.com> | 2016-07-11 09:10:06 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2016-07-11 13:48:02 -0400 |
commit | 6d4e56ce977864b0fcd28c61555060e6010aa89b (patch) | |
tree | 8b73f1e73b4461597b4d951c7f49c92b3bb000a0 | |
parent | c94c09535c4debcc439f55b5b6d9ebe57bd4665a (diff) | |
download | linux-6d4e56ce977864b0fcd28c61555060e6010aa89b.tar.bz2 |
posix_acl: de-union a_refcount and a_rcu
Currently the two are unioned together, but I don't think that's safe.
It looks like get_cached_acl could race with the last put in
posix_acl_release. get_cached_acl calls atomic_inc_not_zero on
a_refcount, but that field could have already been clobbered by
call_rcu, and may no longer be zero. Fix this by de-unioning the two
fields.
Fixes: b8a7a3a66747 (posix_acl: Inode acl caching fixes)
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | include/linux/posix_acl.h | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h index 5b5a80cc5926..c818772d9f9d 100644 --- a/include/linux/posix_acl.h +++ b/include/linux/posix_acl.h @@ -43,10 +43,8 @@ struct posix_acl_entry { }; struct posix_acl { - union { - atomic_t a_refcount; - struct rcu_head a_rcu; - }; + atomic_t a_refcount; + struct rcu_head a_rcu; unsigned int a_count; struct posix_acl_entry a_entries[0]; }; |