From: Eric Paris <eparis@redhat.com>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: linux-kernel@vger.kernel.org, malware-list@lists.printk.net,
akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
arjan@infradead.org, hch@infradead.org, a.p.zijlstra@chello.nl
Subject: Re: [PATCH -v3 7/8] fsnotify: add in inode fsnotify markings
Date: Fri, 28 Nov 2008 18:43:06 -0500 [thread overview]
Message-ID: <1227915786.3393.21.camel@localhost.localdomain> (raw)
In-Reply-To: <20081128054241.GJ28946@ZenIV.linux.org.uk>
On Fri, 2008-11-28 at 05:42 +0000, Al Viro wrote:
> On Tue, Nov 25, 2008 at 12:21:28PM -0500, Eric Paris wrote:
>
> > +void fsnotify_mark_get(struct fsnotify_mark_entry *entry)
> > +{
> > + spin_lock(&entry->lock);
> > + entry->refcnt++;
> > + spin_unlock(&entry->lock);
> > +}
>
> > +void fsnotify_mark_put(struct fsnotify_mark_entry *entry)
> > +{
> > + spin_lock(&entry->lock);
> > + entry->refcnt--;
> > + /* if (!refcnt && killme) we are off both lists and nothing else can find us. */
> > + if ((!entry->refcnt) && (entry->killme)) {
> > + spin_unlock(&entry->lock);
> > + fsnotify_mark_kill(entry);
> > + return;
> > + }
> > + spin_unlock(&entry->lock);
> > +}
>
> Uh-huh... And what happens if fsnotify_mark_get() comes in the middle
> of final fsnotify_mark_put()? You spin on entry->lock, gain it just before
> fsnotify_mark_kill() which proceeds to kfree entry under you just as you
> increment its refcnt...
fsnotify_mark_get() can only find this object through either the
entry->i_list or entry->g_list. When we drop our ref to 0 and hold the
spinlock we know that no other task would have been able to find us on
those lists (everything that searches the i_list holds the
i_fsnotify_lock and that lock was dropped since we cleared ourselves
from that list and the same is true for the lock on the g_list side)
So if kill_me is set and the refcnt == 0 we are not on either list and
no other task could find this to try to call mark_get(). I'll review
it to make sure, but the design is that we are safe since nothing else
can find us to increment the ref cnt.
>
> > +void fsnotify_clear_mark_group(struct fsnotify_group *group)
> > +{
> > + struct fsnotify_mark_entry *entry;
> > + struct inode *inode;
> > +
> > + mutex_lock(&group->mark_mutex);
> > + while (!list_empty(&group->mark_entries)) {
> > + entry = list_first_entry(&group->mark_entries, struct fsnotify_mark_entry, g_list);
> > +
> > + /* make sure the entry survives until it is off both lists */
> > + fsnotify_mark_get(entry);
> > +
> > + /* remove from g_list */
> > + list_del_init(&entry->g_list);
> > + mutex_unlock(&group->mark_mutex);
> > +
> > + inode = entry->inode;
> > +
> > + spin_lock(&entry->lock);
> > + entry->killme = 1;
> > + spin_unlock(&entry->lock);
> >
> > + /* remove from i_list */
> > + spin_lock(&inode->i_fsnotify_lock);
>
> ... and just what would keep the inode from being freed under you here?
I'll review.
next prev parent reply other threads:[~2008-11-28 23:44 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-25 17:20 [PATCH -v3 0/8] file notification: fsnotify a unified file notification backend Eric Paris
2008-11-25 17:20 ` [PATCH -v3 1/8] filesystem notification: create fs/notify to contain all fs notification Eric Paris
2008-11-28 5:24 ` Al Viro
2008-11-25 17:21 ` [PATCH -v3 2/8] fsnotify: pass a file instead of an inode to open, read, and write Eric Paris
2008-11-25 17:21 ` [PATCH -v3 3/8] fsnotify: sys_execve and sys_uselib do not call into fsnotify Eric Paris
2008-11-28 10:16 ` Christoph Hellwig
2008-11-25 17:21 ` [PATCH -v3 4/8] fsnotify: use the new open-exec hook for inotify and dnotify Eric Paris
2008-11-25 17:21 ` [PATCH -v3 5/8] fsnotify: unified filesystem notification backend Eric Paris
2008-11-27 16:14 ` Peter Zijlstra
2008-11-27 16:17 ` Peter Zijlstra
2008-11-27 16:20 ` Peter Zijlstra
2008-11-28 23:22 ` Eric Paris
2008-11-28 23:39 ` Peter Zijlstra
2008-11-27 16:21 ` Peter Zijlstra
2008-11-28 4:54 ` Al Viro
2008-11-28 23:32 ` Eric Paris
2008-11-25 17:21 ` [PATCH -v3 6/8] fsnotify: add group priorities Eric Paris
2008-11-27 16:25 ` Peter Zijlstra
2008-12-01 15:20 ` Eric Paris
2008-12-01 15:37 ` Peter Zijlstra
2008-11-25 17:21 ` [PATCH -v3 7/8] fsnotify: add in inode fsnotify markings Eric Paris
2008-11-27 16:29 ` Peter Zijlstra
2008-11-28 5:42 ` Al Viro
2008-11-28 23:43 ` Eric Paris [this message]
2008-11-25 17:21 ` [PATCH -v3 8/8] dnotify: reimplement dnotify using fsnotify Eric Paris
2008-11-28 5:14 ` Al Viro
2008-11-28 23:37 ` Eric Paris
2008-11-28 6:25 ` Al Viro
2008-11-28 23:44 ` Eric Paris
2008-11-26 0:14 ` [PATCH -v3 0/8] file notification: fsnotify a unified file notification backend Andrew Morton
2008-11-26 2:00 ` Eric Paris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1227915786.3393.21.camel@localhost.localdomain \
--to=eparis@redhat.com \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=arjan@infradead.org \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=malware-list@lists.printk.net \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.