summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2016-07-11 16:10:06 +0300
committerAl Viro <viro@zeniv.linux.org.uk>2016-07-11 20:48:02 +0300
commit6d4e56ce977864b0fcd28c61555060e6010aa89b (patch)
tree8b73f1e73b4461597b4d951c7f49c92b3bb000a0
parentc94c09535c4debcc439f55b5b6d9ebe57bd4665a (diff)
downloadlinux-6d4e56ce977864b0fcd28c61555060e6010aa89b.tar.xz
posix_acl: de-union a_refcount and a_rcu
Currently the two are unioned together, but I don't think that's safe. It looks like get_cached_acl could race with the last put in posix_acl_release. get_cached_acl calls atomic_inc_not_zero on a_refcount, but that field could have already been clobbered by call_rcu, and may no longer be zero. Fix this by de-unioning the two fields. Fixes: b8a7a3a66747 (posix_acl: Inode acl caching fixes) Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--include/linux/posix_acl.h6
1 files changed, 2 insertions, 4 deletions
diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h
index 5b5a80cc5926..c818772d9f9d 100644
--- a/include/linux/posix_acl.h
+++ b/include/linux/posix_acl.h
@@ -43,10 +43,8 @@ struct posix_acl_entry {
};
struct posix_acl {
- union {
- atomic_t a_refcount;
- struct rcu_head a_rcu;
- };
+ atomic_t a_refcount;
+ struct rcu_head a_rcu;
unsigned int a_count;
struct posix_acl_entry a_entries[0];
};