From 11bf6b1ea65f1580477827831d05711e5b87ac7b Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Thu, 2 Apr 2015 16:35:48 -0500
Subject: fs_pin: Allow for the possibility that m_list or s_list go unused.

[ Upstream commit 820f9f147dcce2602eefd9b575bbbd9ea14f0953 ]

This is needed to support lazily umounting locked mounts.  Because the
entire unmounted subtree needs to stay together until there are no
users with references to any part of the subtree.

To support this guarantee that the fs_pin m_list and s_list nodes
are initialized by initializing them in init_fs_pin allowing
for the possibility that pin_insert_group does not touch them.

Further use hlist_del_init in pin_remove so that there is
a hlist_unhashed test before the list we attempt to update
the previous list item.

Fixes CVE-2015-4178.
Upstream-Status: Backport

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
 fs/fs_pin.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/fs_pin.c b/fs/fs_pin.c
index 9368236..569bbd1 100644
--- a/fs/fs_pin.c
+++ b/fs/fs_pin.c
@@ -20,8 +20,8 @@ void pin_put(struct fs_pin *p)
 void pin_remove(struct fs_pin *pin)
 {
 	spin_lock(&pin_lock);
-	hlist_del(&pin->m_list);
-	hlist_del(&pin->s_list);
+	hlist_del_init(&pin->m_list);
+	hlist_del_init(&pin->s_list);
 	spin_unlock(&pin_lock);
 }
 
-- 
cgit v0.11.2