From 1ea209c85e9c47e490256758592e658285e6ad40 Mon Sep 17 00:00:00 2001
From: Ian Kent <ikent@redhat.com>
Date: Wed, 15 Jan 2025 20:46:47 +0800
Subject: [PATCH] - add fix for RHEL-72524.

---
 ...x-deadlock-in-master_notify_submount.patch | 66 +++++++++++++++++++
 autofs.spec                                   | 12 +++-
 2 files changed, 76 insertions(+), 2 deletions(-)
 create mode 100644 autofs-5.1.9-fix-deadlock-in-master_notify_submount.patch

diff --git a/autofs-5.1.9-fix-deadlock-in-master_notify_submount.patch b/autofs-5.1.9-fix-deadlock-in-master_notify_submount.patch
new file mode 100644
index 0000000..e5672ed
--- /dev/null
+++ b/autofs-5.1.9-fix-deadlock-in-master_notify_submount.patch
@@ -0,0 +1,66 @@
+autofs-5.1.9 - fix deadlock in master_notify_submount()
+
+From: Ian Kent <raven@themaw.net>
+
+A deadlock between mnts_remove_submount() and master_notify_submount()
+can occur because master_notify_submount() holds the state mutex over
+a call to mnts_find_submount() which then needs to take mnts_hash_mutex.
+But mnts_remove_submount() takes mnts_hash_mutex and then needs to take
+the state mutex to clear the ->ap field so deadlock cann occur.
+
+But it isn't necessary for master_notify_submount() to take the state
+mutex before calling mnts_find_submount() because if the submount is'
+found a reference is taken on the entry so it won't go away while it's
+being used. All that's needed is to ensure that the ->ap field doesn't
+get set to NULL by mnts_remove_submount() while it's being used to check
+if the submount has shutdown.
+
+Fixes: 81ac572466e3 ("autofs-5.1.9 - fix submount shutdown race")
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG       |    1 +
+ daemon/master.c |    7 +++----
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+--- autofs-5.1.4.orig/CHANGELOG
++++ autofs-5.1.4/CHANGELOG
+@@ -161,6 +161,7 @@
+ - refactor amd function do_program_mount().
+ - refactor umount_amd_ext_mount().
+ - add flags argument to amd do_program_mount().
++- fix deadlock in master_notify_submount().
+ 
+ xx/xx/2018 autofs-5.1.5
+ - fix flag file permission.
+--- autofs-5.1.4.orig/daemon/master.c
++++ autofs-5.1.4/daemon/master.c
+@@ -1237,26 +1237,25 @@ int master_notify_submount(struct autofs
+ 		 * ST_SHUTDOWN_FORCE we need to wait until it goes away
+ 		 * or changes to state ST_SHUTDOWN or ST_READY.
+ 		 */
+-		st_mutex_lock();
+ 		while ((sbmnt = mnts_find_submount(path))) {
+ 			struct timespec t = { 0, 300000000 };
+ 			struct timespec r;
+ 
++			st_mutex_lock();
+ 			if (!sbmnt->ap ||
+ 			   (sbmnt->ap->state != ST_SHUTDOWN_PENDING &&
+ 			    sbmnt->ap->state != ST_SHUTDOWN_FORCE)) {
+ 				ret = 0;
++				st_mutex_unlock();
+ 				mnts_put_mount(sbmnt);
+ 				break;
+ 			}
++			st_mutex_unlock();
+ 			mnts_put_mount(sbmnt);
+ 
+-			st_mutex_unlock();
+ 			while (nanosleep(&t, &r) == -1 && errno == EINTR)
+ 				memcpy(&t, &r, sizeof(struct timespec));
+-			st_mutex_lock();
+ 		}
+-		st_mutex_unlock();
+ done:
+ 		mnts_put_mount(this);
+ 	}
diff --git a/autofs.spec b/autofs.spec
index ced3bb5..0c0fb6b 100644
--- a/autofs.spec
+++ b/autofs.spec
@@ -8,7 +8,7 @@
 Summary: A tool for automatically mounting and unmounting filesystems
 Name: autofs
 Version: 5.1.4
-Release: 114%{?dist}.1
+Release: 114%{?dist}.2
 Epoch: 1
 License: GPLv2+
 Group: System Environment/Daemons
@@ -341,6 +341,8 @@ Patch335: autofs-5.1.9-refactor-amd-function-do_program_mount.patch
 Patch336: autofs-5.1.9-refactor-amd-function-umount_amd_ext_mount.patch
 Patch337: autofs-5.1.9-add-flags-argument-to-amd-do_program_mount.patch
 
+Patch338: autofs-5.1.9-fix-deadlock-in-master_notify_submount.patch
+
 %if %{with_systemd}
 BuildRequires: systemd-units
 BuildRequires: systemd-devel
@@ -722,6 +724,8 @@ echo %{version}-%{release} > .version
 %patch336 -p1
 %patch337 -p1
 
+%patch338 -p1
+
 %build
 LDFLAGS=-Wl,-z,now
 %configure --disable-mount-locking --enable-ignore-busy --with-libtirpc --without-hesiod %{?systemd_configure_arg:}
@@ -816,6 +820,11 @@ fi
 %dir /etc/auto.master.d
 
 %changelog
+* Wed Jan 15 2025 Ian Kent <ikent@redhat.com> - 5.1.4-114.el8_10.2
+- RHEL-72524 - autofs: deadlock between mnts_lookup_mount and mnts_remove_mount
+  - fix deadlock in master_notify_submount().
+-Resolves: RHEL-72524
+
 * Fri Nov 08 2024 Ian Kent <ikent@redhat.com> - 5.1.4-114
 - RHEL-61670 - sporadic autofs daemon segfaults
   - fix submount shutdown race.
@@ -828,7 +837,6 @@ fi
   - add flags argument to amd do_program_mount().
 - Resolves: RHEL-61670 RHEL-52402
 
-
 * Mon Dec 18 2023 Ian Kent <ikent@redhat.com> - 5.1.4-113
 - RHEL-18035 - SIGSEGV using hierarchical map entries on reload with
   autofs-5.1.4-109