luck/tmp_suning_uos_patched
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[PATCH] fix race in inotify_release

Browse Source 
While doing some inotify stress testing, I hit the following race.  In
inotify_release(), it's possible for a watch to be removed from the lists
in between dropping dev->mutex and taking inode->inotify_mutex.  The
reference we hold prevents the watch from being freed, but not from being
removed.

Checking the dev's idr mapping will prevent a double list_del of the
same watch.

Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Acked-by: John McCutchan <john@johnmccutchan.com>
Cc: Robert Love <rml@novell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Amy Griffis 2006-05-20 15:00:06 -07:00 committed by Linus Torvalds
parent 12783b002d
commit 66055a4e73
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
fs/inotify.c
View File

@ -848,7 +848,11 @@ static int inotify_release(struct inode *ignored, struct file *file)
inode = watch->inode; inode = watch->inode;
mutex_lock(&inode->inotify_mutex); mutex_lock(&inode->inotify_mutex);
mutex_lock(&dev->mutex); mutex_lock(&dev->mutex);
remove_watch_no_event(watch, dev);
/* make sure we didn't race with another list removal */
if (likely(idr_find(&dev->idr, watch->wd)))
remove_watch_no_event(watch, dev);
mutex_unlock(&dev->mutex); mutex_unlock(&dev->mutex);
mutex_unlock(&inode->inotify_mutex); mutex_unlock(&inode->inotify_mutex);
put_inotify_watch(watch); put_inotify_watch(watch);