[10/25] inotify: Do not drop mark reference under idr_lock

Message ID	20170201104457.23194-11-jack@suse.cz (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-fsdevel-owner@kernel.org> From: Jan Kara <jack@suse.cz> To: <linux-fsdevel@vger.kernel.org> Cc: Amir Goldstein <amir73il@gmail.com>, Paul Moore <paul@paul-moore.com>, Miklos Szeredi <miklos@szeredi.hu>, Jan Kara <jack@suse.cz> Subject: [PATCH 10/25] inotify: Do not drop mark reference under idr_lock Date: Wed, 1 Feb 2017 11:44:42 +0100 Message-Id: <20170201104457.23194-11-jack@suse.cz> In-Reply-To: <20170201104457.23194-1-jack@suse.cz> References: <20170201104457.23194-1-jack@suse.cz> Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk

Message ID

20170201104457.23194-11-jack@suse.cz (mailing list archive)

State

New, archived

Headers

From: Jan Kara <jack@suse.cz>
To: <linux-fsdevel@vger.kernel.org>
Cc: Amir Goldstein <amir73il@gmail.com>, Paul Moore <paul@paul-moore.com>,
	Miklos Szeredi <miklos@szeredi.hu>, Jan Kara <jack@suse.cz>
Subject: [PATCH 10/25] inotify: Do not drop mark reference under idr_lock
Date: Wed,  1 Feb 2017 11:44:42 +0100
Message-Id: <20170201104457.23194-11-jack@suse.cz>
In-Reply-To: <20170201104457.23194-1-jack@suse.cz>
References: <20170201104457.23194-1-jack@suse.cz>
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk

Commit Message

Jan Kara Feb. 1, 2017, 10:44 a.m. UTC

Dropping mark reference can result in mark being freed. Although it
should not happen in inotify_remove_from_idr() since caller should hold
another reference, just don't risk lock up just after WARN_ON
unnecessarily. Also fold do_inotify_remove_from_idr() into the single
callsite as that function really is just two lines of real code.

Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
---
 fs/notify/inotify/inotify_user.c | 24 ++++++------------------
 1 file changed, 6 insertions(+), 18 deletions(-)

diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
index 3697567c7897..06dae605158d 100644
--- a/fs/notify/inotify/inotify_user.c
+++ b/fs/notify/inotify/inotify_user.c
@@ -397,21 +397,6 @@  static struct inotify_inode_mark *inotify_idr_find(struct fsnotify_group *group,
 	return i_mark;
 }
 
-static void do_inotify_remove_from_idr(struct fsnotify_group *group,
-				       struct inotify_inode_mark *i_mark)
-{
-	struct idr *idr = &group->inotify_data.idr;
-	spinlock_t *idr_lock = &group->inotify_data.idr_lock;
-	int wd = i_mark->wd;
-
-	assert_spin_locked(idr_lock);
-
-	idr_remove(idr, wd);
-
-	/* removed from the idr, drop that ref */
-	fsnotify_put_mark(&i_mark->fsn_mark);
-}
-
 /*
  * Remove the mark from the idr (if present) and drop the reference
  * on the mark because it was in the idr.
@@ -419,6 +404,7 @@  static void do_inotify_remove_from_idr(struct fsnotify_group *group,
 static void inotify_remove_from_idr(struct fsnotify_group *group,
 				    struct inotify_inode_mark *i_mark)
 {
+	struct idr *idr = &group->inotify_data.idr;
 	spinlock_t *idr_lock = &group->inotify_data.idr_lock;
 	struct inotify_inode_mark *found_i_mark = NULL;
 	int wd;
@@ -470,13 +456,15 @@  static void inotify_remove_from_idr(struct fsnotify_group *group,
 		BUG();
 	}
 
-	do_inotify_remove_from_idr(group, i_mark);
+	idr_remove(idr, wd);
+	/* Removed from the idr, drop that ref. */
+	fsnotify_put_mark(&i_mark->fsn_mark);
 out:
+	i_mark->wd = -1;
+	spin_unlock(idr_lock);
 	/* match the ref taken by inotify_idr_find_locked() */
 	if (found_i_mark)
 		fsnotify_put_mark(&found_i_mark->fsn_mark);
-	i_mark->wd = -1;
-	spin_unlock(idr_lock);
 }
 
 /*

[10/25] inotify: Do not drop mark reference under idr_lock

Commit Message

Patch