posix_acl: de-union a_refcount and a_rcu

Currently the two are unioned together, but I don't think that's safe. It looks like get_cached_acl could race with the last put in posix_acl_release. get_cached_acl calls atomic_inc_not_zero on a_refcount, but that field could have already been clobbered by call_rcu, and may no longer be zero. Fix this by de-unioning the two fields. Fixes: b8a7a3a6 (posix_acl: Inode acl caching fixes) Signed-off-by: N Jeff Layton <jlayton@redhat.com> Signed-off-by: N Al Viro <viro@zeniv.linux.org.uk>

posix_acl: de-union a_refcount and a_rcu
Currently the two are unioned together, but I don't think that's safe. It looks like get_cached_acl could race with the last put in posix_acl_release. get_cached_acl calls atomic_inc_not_zero on a_refcount, but that field could have already been clobbered by call_rcu, and may no longer be zero. Fix this by de-unioning the two fields. Fixes: b8a7a3a6 (posix_acl: Inode acl caching fixes) Signed-off-by: N Jeff Layton <jlayton@redhat.com> Signed-off-by: N Al Viro <viro@zeniv.linux.org.uk>
6d4e56ce · Jeff Layton · Al Viro · c94c0953 · 6d4e56ce
隐藏空白更改
内联并排

Showing with 2 addition and 4 deletion

include/linux/posix_acl.h include/linux/posix_acl.h +2 -4

未找到文件。
--- a/include/linux/posix_acl.h
+++ b/include/linux/posix_acl.h
@@ -43,10 +43,8 @@ struct posix_acl_entry {
 };

 struct posix_acl {
-	union {
-		atomic_t		a_refcount;
-		struct rcu_head		a_rcu;
-	};
+	atomic_t		a_refcount;
+	struct rcu_head		a_rcu;
 	unsigned int		a_count;
 	struct posix_acl_entry	a_entries[0];
 };