From patchwork Wed Oct 25 08:41:35 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Miklos Szeredi X-Patchwork-Id: 10026043 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 73EA460375 for ; Wed, 25 Oct 2017 08:43:27 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 62B6128B1E for ; Wed, 25 Oct 2017 08:43:27 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5723028B26; Wed, 25 Oct 2017 08:43:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.4 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DE94028B1E for ; Wed, 25 Oct 2017 08:43:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932253AbdJYInM (ORCPT ); Wed, 25 Oct 2017 04:43:12 -0400 Received: from mail-wr0-f193.google.com ([209.85.128.193]:53499 "EHLO mail-wr0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932284AbdJYIlp (ORCPT ); Wed, 25 Oct 2017 04:41:45 -0400 Received: by mail-wr0-f193.google.com with SMTP id u40so17272106wrf.10 for ; Wed, 25 Oct 2017 01:41:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=PnB9w4nIqSy2J6n9/+y3RqKAiyEOFGmcPo7aJcF2F5g=; b=FeBQ4u9KzHeM7s6+EzzGNTV6LnPdL9NbwUBtSzGrEgUndR+sQ2HOhpUax1gEFTzTiU vu6+kzFsfPQsrA8NclcqcAv54QJC5qvPBqLIRpTE5+DM+VMeARDIeO9RKV3Mn1EsgQxz FvCXBOuU9AHRJLJ7t0JC07jLmUaWIzJk4fOnYvV2fAI5VbFBY8u6lUDVg7BqwBBSUL6Y ViBYEWUKhQ3MpysNUtbMI5lWrRhhzmpb2ffndsfpS21uSVMYK3LjPq71gHNhC8GgmsxF 8uXWCq76cCdcpKliCqojUA//WDRDwgu9RP8Ol0WJNOwHcvYbBkW8nKteJc0BtXLBxby5 Y+Ig== X-Gm-Message-State: AMCzsaUPKinZpMw4/iockgxXMx9fAMnhj5oHlDu3ttcygNGQMhGkJgu4 p3zr0PpNhBiJ4VjKKDig0otDWWO1UDI= X-Google-Smtp-Source: ABhQp+SdP8trXxroZcW9e1wWdZ+2xvb6zN9l6HGpZfUcJxqK+kZQfFogXvSOLPGcX1mlcKNYQreMgg== X-Received: by 10.223.142.180 with SMTP id q49mr1465669wrb.142.1508920904277; Wed, 25 Oct 2017 01:41:44 -0700 (PDT) Received: from veci.piliscsaba.szeredi.hu (C2B0E321.catv.pool.telekom.hu. [194.176.227.33]) by smtp.gmail.com with ESMTPSA id 31sm1732312wrm.0.2017.10.25.01.41.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Oct 2017 01:41:43 -0700 (PDT) From: Miklos Szeredi To: linux-fsdevel@vger.kernel.org Cc: Jan Kara , Amir Goldstein , Xiong Zhou , linux-kernel@vger.kernel.org Subject: [PATCH v2 3/7] fsnotify: fix pinning group in fsnotify_prepare_user_wait() Date: Wed, 25 Oct 2017 10:41:35 +0200 Message-Id: <1508920899-8115-4-git-send-email-mszeredi@redhat.com> X-Mailer: git-send-email 2.5.5 In-Reply-To: <1508920899-8115-1-git-send-email-mszeredi@redhat.com> References: <1508920899-8115-1-git-send-email-mszeredi@redhat.com> Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Blind increment of group's user_waits is not enough, we could be far enough in the group's destruction that it isn't taken into account (i.e. grabbing the mark ref afterwards doesn't guarantee that it was the ref coming from the _group_ that was grabbed). Instead we need to check (under lock) that the mark is still attached to the group after having obtained a ref to the mark. If not, skip it. Signed-off-by: Miklos Szeredi Fixes: 9385a84d7e1f ("fsnotify: Pass fsnotify_iter_info into handle_event handler") Cc: # v4.12 --- fs/notify/mark.c | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/fs/notify/mark.c b/fs/notify/mark.c index 982527ce6a58..14b76a06ab33 100644 --- a/fs/notify/mark.c +++ b/fs/notify/mark.c @@ -253,23 +253,20 @@ void fsnotify_put_mark(struct fsnotify_mark *mark) */ static bool fsnotify_get_mark_safe(struct fsnotify_mark *mark) { - struct fsnotify_group *group; - if (!mark) return true; - group = mark->group; - /* - * Since acquisition of mark reference is an atomic op as well, we can - * be sure this inc is seen before any effect of refcount increment. - */ - atomic_inc(&group->user_waits); - if (atomic_inc_not_zero(&mark->refcnt)) - return true; - - if (atomic_dec_and_test(&group->user_waits) && group->shutdown) - wake_up(&group->notification_waitq); - + if (atomic_inc_not_zero(&mark->refcnt)) { + spin_lock(&mark->lock); + if (mark->flags & FSNOTIFY_MARK_FLAG_ATTACHED) { + /* mark is attached, group is still alive then */ + atomic_inc(&mark->group->user_waits); + spin_unlock(&mark->lock); + return true; + } + spin_unlock(&mark->lock); + fsnotify_put_mark(mark); + } return false; }