aboutsummaryrefslogtreecommitdiffstats
path: root/fs/notify/inotify/inotify_user.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2009-07-07 10:28:23 -0400
committerEric Paris <eparis@redhat.com>2009-07-21 15:26:26 -0400
commit75fe2b26394c59c8e16bd7b76f4be5d048103ad1 (patch)
tree0f2a6c59dd1c6eddc497b9c7363298e949c0768a /fs/notify/inotify/inotify_user.c
parent5549f7cdf84c02939fd368d0842aa2f472bb6e98 (diff)
inotify: do not leak inode marks in inotify_add_watch
inotify_add_watch had a couple of problems. The biggest being that if inotify_add_watch was called on the same inode twice (to update or change the event mask) a refence was taken on the original inode mark by fsnotify_find_mark_entry but was not being dropped at the end of the inotify_add_watch call. Thus if inotify_rm_watch was called although the mark was removed from the inode, the refcnt wouldn't hit zero and we would leak memory. Reported-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'fs/notify/inotify/inotify_user.c')
-rw-r--r--fs/notify/inotify/inotify_user.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
index 1a870f9157b3..aff4214f16c3 100644
--- a/fs/notify/inotify/inotify_user.c
+++ b/fs/notify/inotify/inotify_user.c
@@ -463,9 +463,6 @@ retry:
463 goto out_err; 463 goto out_err;
464 464
465 spin_lock(&group->inotify_data.idr_lock); 465 spin_lock(&group->inotify_data.idr_lock);
466 /* if entry is added to the idr we keep the reference obtained
467 * through fsnotify_mark_add. remember to drop this reference
468 * when entry is removed from idr */
469 ret = idr_get_new_above(&group->inotify_data.idr, entry, 466 ret = idr_get_new_above(&group->inotify_data.idr, entry,
470 ++group->inotify_data.last_wd, 467 ++group->inotify_data.last_wd,
471 &ientry->wd); 468 &ientry->wd);
@@ -476,8 +473,13 @@ retry:
476 goto out_err; 473 goto out_err;
477 } 474 }
478 atomic_inc(&group->inotify_data.user->inotify_watches); 475 atomic_inc(&group->inotify_data.user->inotify_watches);
476
477 /* we put the mark on the idr, take a reference */
478 fsnotify_get_mark(entry);
479 } 479 }
480 480
481 ret = ientry->wd;
482
481 spin_lock(&entry->lock); 483 spin_lock(&entry->lock);
482 484
483 old_mask = entry->mask; 485 old_mask = entry->mask;
@@ -508,7 +510,11 @@ retry:
508 fsnotify_recalc_group_mask(group); 510 fsnotify_recalc_group_mask(group);
509 } 511 }
510 512
511 return ientry->wd; 513 /* this either matches fsnotify_find_mark_entry, or init_mark_entry
514 * depending on which path we took... */
515 fsnotify_put_mark(entry);
516
517 return ret;
512 518
513out_err: 519out_err:
514 /* see this isn't supposed to happen, just kill the watch */ 520 /* see this isn't supposed to happen, just kill the watch */