aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorAmy Griffis <amy.griffis@hp.com>2006-05-20 18:00:06 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-05-21 15:59:18 -0400
commit66055a4e7334b05354c835123ff621c5f700e56a (patch)
treede9d4b432e48d4c919b70a627d9ba0b50e840de0 /fs
parent12783b002db1f02c29353c8f698a85514420b9f4 (diff)
[PATCH] fix race in inotify_release
While doing some inotify stress testing, I hit the following race. In inotify_release(), it's possible for a watch to be removed from the lists in between dropping dev->mutex and taking inode->inotify_mutex. The reference we hold prevents the watch from being freed, but not from being removed. Checking the dev's idr mapping will prevent a double list_del of the same watch. Signed-off-by: Amy Griffis <amy.griffis@hp.com> Acked-by: John McCutchan <john@johnmccutchan.com> Cc: Robert Love <rml@novell.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/inotify.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/fs/inotify.c b/fs/inotify.c
index 1f50302849c5..7d5725336527 100644
--- a/fs/inotify.c
+++ b/fs/inotify.c
@@ -848,7 +848,11 @@ static int inotify_release(struct inode *ignored, struct file *file)
848 inode = watch->inode; 848 inode = watch->inode;
849 mutex_lock(&inode->inotify_mutex); 849 mutex_lock(&inode->inotify_mutex);
850 mutex_lock(&dev->mutex); 850 mutex_lock(&dev->mutex);
851 remove_watch_no_event(watch, dev); 851
852 /* make sure we didn't race with another list removal */
853 if (likely(idr_find(&dev->idr, watch->wd)))
854 remove_watch_no_event(watch, dev);
855
852 mutex_unlock(&dev->mutex); 856 mutex_unlock(&dev->mutex);
853 mutex_unlock(&inode->inotify_mutex); 857 mutex_unlock(&inode->inotify_mutex);
854 put_inotify_watch(watch); 858 put_inotify_watch(watch);