Re: [PATCH 2/2] updated filesystem auditing patches for lspp test kernel

[Amy Griffis <amy.griffis@hp.com>]

Serge E. Hallyn wrote:  [Mon Apr 10 2006, 01:56:26PM EDT]
> Hard to give this a meaningful review - particularly the first patch,
> a large part of which seemed to be moving functionality from one file to
> another.

FWIW, it may help to diff inotify_user.c against an unpatched
inotify.c (included below for reference).  The essence of the inotify
patch is *how* the current functionality is split between kernel API
and userspace support.  There isn't much new code.

> Quoting Amy Griffis (amy.griffis@hp.com):
> > +/* Initialize a watch entry. */
> > +static inline struct audit_watch *audit_init_watch(char *path)
> > +{
> > +	struct audit_watch *watch;
> > +
> > +	watch = kzalloc(sizeof(*watch), GFP_KERNEL);
> > +	if (unlikely(!watch))
> > +		return ERR_PTR(-ENOMEM);
> ...
> > +	watch = audit_init_watch(path);
> > +	if (unlikely(IS_ERR(watch)))
> > +		return PTR_ERR(watch);
> 
> Ok, but
> 
> > +	new = audit_init_watch(path);
> > +	if (unlikely(!new)) {
> > +		kfree(path);
> > +		return ERR_PTR(-ENOMEM);
> > +	}
> 
> not ok

thanks

--- a/fs/inotify.c	2006-04-10 22:00:02.000000000 -0400
+++ b/fs/inotify_user.c	2006-04-10 22:13:14.000000000 -0400
@@ -18,11 +18,8 @@
  * General Public License for more details.
  */
 
-#include <linux/module.h>
 #include <linux/kernel.h>
 #include <linux/sched.h>
-#include <linux/spinlock.h>
-#include <linux/idr.h>
 #include <linux/slab.h>
 #include <linux/fs.h>
 #include <linux/file.h>
@@ -31,14 +28,11 @@
 #include <linux/poll.h>
 #include <linux/init.h>
 #include <linux/list.h>
-#include <linux/writeback.h>
 #include <linux/inotify.h>
 #include <linux/syscalls.h>
 
 #include <asm/ioctls.h>
 
-static atomic_t inotify_cookie;
-
 static kmem_cache_t *watch_cachep __read_mostly;
 static kmem_cache_t *event_cachep __read_mostly;
 
@@ -52,27 +46,21 @@ int inotify_max_queued_events __read_mos
 /*
  * Lock ordering:
  *
- * dentry->d_lock (used to keep d_move() away from dentry->d_parent)
- * iprune_mutex (synchronize shrink_icache_memory())
- * 	inode_lock (protects the super_block->s_inodes list)
- * 	inode->inotify_mutex (protects inode->inotify_watches and watches->i_list)
- * 		inotify_dev->mutex (protects inotify_device and watches->d_list)
+ * inotify_dev->up_mutex (ensures we don't re-add the same watch)
+ * 	inode->inotify_mutex (protects inode's watch list)
+ * 		inotify_handle->mutex (protects inotify_handle's watch list)
+ * 			inotify_dev->ev_mutex (protects device's event queue)
  */
 
 /*
- * Lifetimes of the three main data structures--inotify_device, inode, and
- * inotify_watch--are managed by reference count.
- *
- * inotify_device: Lifetime is from inotify_init() until release.  Additional
- * references can bump the count via get_inotify_dev() and drop the count via
- * put_inotify_dev().
+ * Lifetimes of the main data structures:
  *
- * inotify_watch: Lifetime is from create_watch() to destory_watch().
- * Additional references can bump the count via get_inotify_watch() and drop
- * the count via put_inotify_watch().
+ * inotify_device: Lifetime is managed by reference count, from
+ * sys_inotify_init() until release.  Additional references can bump the count
+ * via get_inotify_dev() and drop the count via put_inotify_dev().
  *
- * inode: Pinned so long as the inode is associated with a watch, from
- * create_watch() to put_inotify_watch().
+ * inotify_user_watch: Lifetime is from create_watch() to the receipt of an
+ * IN_IGNORED event from inotify.
  */
 
 /*
@@ -82,16 +70,15 @@ int inotify_max_queued_events __read_mos
  */
 struct inotify_device {
 	wait_queue_head_t 	wq;		/* wait queue for i/o */
-	struct idr		idr;		/* idr mapping wd -> watch */
-	struct mutex		mutex;		/* protects this bad boy */
+	struct mutex		ev_mutex;	/* protects event queue */
+	struct mutex		up_mutex;	/* synchronizes watch updates */
 	struct list_head 	events;		/* list of queued events */
-	struct list_head	watches;	/* list of watches */
 	atomic_t		count;		/* reference count */
 	struct user_struct	*user;		/* user who opened this dev */
+	struct inotify_handle	*ih;		/* inotify handle */
 	unsigned int		queue_size;	/* size of the queue (bytes) */
 	unsigned int		event_count;	/* number of pending events */
 	unsigned int		max_events;	/* maximum number of events */
-	u32			last_wd;	/* the last wd allocated */
 };
 
 /*
@@ -100,7 +87,7 @@ struct inotify_device {
  * device.  In read(), this list is walked and all events that can fit in the
  * buffer are returned.
  *
- * Protected by dev->mutex of the device in which we are queued.
+ * Protected by dev->ev_mutex of the device in which we are queued.
  */
 struct inotify_kernel_event {
 	struct inotify_event	event;	/* the user-space event */
@@ -109,20 +96,12 @@ struct inotify_kernel_event {
 };
 
 /*
- * struct inotify_watch - represents a watch request on a specific inode
- *
- * d_list is protected by dev->mutex of the associated watch->dev.
- * i_list and mask are protected by inode->inotify_mutex of the associated inode.
- * dev, inode, and wd are never written to once the watch is created.
+ * struct inotify_user_watch - our version of an inotify_watch, we add
+ * a reference to the associated inotify_device.
  */
-struct inotify_watch {
-	struct list_head	d_list;	/* entry in inotify_device's list */
-	struct list_head	i_list;	/* entry in inode's list */
-	atomic_t		count;	/* reference count */
+struct inotify_user_watch {
 	struct inotify_device	*dev;	/* associated device */
-	struct inode		*inode;	/* associated inode */
-	s32 			wd;	/* watch descriptor */
-	u32			mask;	/* event mask for this watch */
+	struct inotify_watch	wdata;	/* inotify watch data */
 };
 
 #ifdef CONFIG_SYSCTL
@@ -150,16 +129,16 @@ ctl_table inotify_table[] = {
 		.mode		= 0644,
 		.proc_handler	= &proc_dointvec_minmax,
 		.strategy	= &sysctl_intvec,
-		.extra1		= &zero, 
+		.extra1		= &zero,
 	},
 	{
 		.ctl_name	= INOTIFY_MAX_QUEUED_EVENTS,
 		.procname	= "max_queued_events",
 		.data		= &inotify_max_queued_events,
 		.maxlen		= sizeof(int),
-		.mode		= 0644, 
+		.mode		= 0644,
 		.proc_handler	= &proc_dointvec_minmax,
-		.strategy	= &sysctl_intvec, 
+		.strategy	= &sysctl_intvec,
 		.extra1		= &zero
 	},
 	{ .ctl_name = 0 }
@@ -176,27 +155,20 @@ static inline void put_inotify_dev(struc
 	if (atomic_dec_and_test(&dev->count)) {
 		atomic_dec(&dev->user->inotify_devs);
 		free_uid(dev->user);
-		idr_destroy(&dev->idr);
 		kfree(dev);
 	}
 }
 
-static inline void get_inotify_watch(struct inotify_watch *watch)
-{
-	atomic_inc(&watch->count);
-}
-
 /*
- * put_inotify_watch - decrements the ref count on a given watch.  cleans up
- * the watch and its references if the count reaches zero.
+ * free_inotify_user_watch - * cleans up the watch and its references
  */
-static inline void put_inotify_watch(struct inotify_watch *watch)
+static inline void free_inotify_user_watch(struct inotify_user_watch *watch)
 {
-	if (atomic_dec_and_test(&watch->count)) {
-		put_inotify_dev(watch->dev);
-		iput(watch->inode);
-		kmem_cache_free(watch_cachep, watch);
-	}
+	struct inotify_device *dev = watch->dev;
+
+	atomic_dec(&dev->user->inotify_watches);
+	put_inotify_dev(dev);
+	kmem_cache_free(watch_cachep, watch);
 }
 
 /*
@@ -247,7 +219,7 @@ static struct inotify_kernel_event * ker
 		}
 		memcpy(kevent->name, name, len);
 		if (rem)
-			memset(kevent->name + len, 0, rem);		
+			memset(kevent->name + len, 0, rem);
 		kevent->event.len = len + rem;
 	} else {
 		kevent->event.len = 0;
@@ -260,7 +232,7 @@ static struct inotify_kernel_event * ker
 /*
  * inotify_dev_get_event - return the next event in the given dev's queue
  *
- * Caller must hold dev->mutex.
+ * Caller must hold dev->ev_mutex.
  */
 static inline struct inotify_kernel_event *
 inotify_dev_get_event(struct inotify_device *dev)
@@ -269,19 +241,33 @@ inotify_dev_get_event(struct inotify_dev
 }
 
 /*
- * inotify_dev_queue_event - add a new event to the given device
+ * inotify_dev_queue_event - event callback registered with core inotify, adds
+ * a new event to the given device
  *
- * Caller must hold dev->mutex.  Can sleep (calls kernel_event()).
+ * Can sleep (calls kernel_event()).
  */
-static void inotify_dev_queue_event(struct inotify_device *dev,
-				    struct inotify_watch *watch, u32 mask,
-				    u32 cookie, const char *name)
+static void inotify_dev_queue_event(struct inotify_watch *w, u32 wd, u32 mask,
+				    u32 cookie, const char *name,
+				    struct inode *ignored)
 {
+	struct inotify_user_watch *watch;
+	struct inotify_device *dev;
 	struct inotify_kernel_event *kevent, *last;
 
+	watch = container_of(w, struct inotify_user_watch, wdata);
+	dev = watch->dev;
+
+	mutex_lock(&dev->ev_mutex);
+
+	/* we can safely put the watch as we don't reference it while
+	 * generating the event
+	 */
+	if (mask & IN_IGNORED)
+		free_inotify_user_watch(watch);
+
 	/* coalescing: drop this event if it is a dupe of the previous */
 	last = inotify_dev_get_event(dev);
-	if (last && last->event.mask == mask && last->event.wd == watch->wd &&
+	if (last && last->event.mask == mask && last->event.wd == wd &&
 			last->event.cookie == cookie) {
 		const char *lastname = last->name;
 
@@ -299,7 +285,7 @@ static void inotify_dev_queue_event(stru
 	if (unlikely(dev->event_count == dev->max_events))
 		kevent = kernel_event(-1, IN_Q_OVERFLOW, cookie, NULL);
 	else
-		kevent = kernel_event(watch->wd, mask, cookie, name);
+		kevent = kernel_event(wd, mask, cookie, name);
 
 	if (unlikely(!kevent))
 		return;
@@ -309,12 +295,14 @@ static void inotify_dev_queue_event(stru
 	dev->queue_size += sizeof(struct inotify_event) + kevent->event.len;
 	list_add_tail(&kevent->list, &dev->events);
 	wake_up_interruptible(&dev->wq);
+
+	mutex_unlock(&dev->ev_mutex);
 }
 
 /*
  * remove_kevent - cleans up and ultimately frees the given kevent
  *
- * Caller must hold dev->mutex.
+ * Caller must hold dev->ev_mutex.
  */
 static void remove_kevent(struct inotify_device *dev,
 			  struct inotify_kernel_event *kevent)
@@ -331,7 +319,7 @@ static void remove_kevent(struct inotify
 /*
  * inotify_dev_event_dequeue - destroy an event on the given device
  *
- * Caller must hold dev->mutex.
+ * Caller must hold dev->ev_mutex.
  */
 static void inotify_dev_event_dequeue(struct inotify_device *dev)
 {
@@ -343,25 +331,6 @@ static void inotify_dev_event_dequeue(st
 }
 
 /*
- * inotify_dev_get_wd - returns the next WD for use by the given dev
- *
- * Callers must hold dev->mutex.  This function can sleep.
- */
-static int inotify_dev_get_wd(struct inotify_device *dev,
-			      struct inotify_watch *watch)
-{
-	int ret;
-
-	do {
-		if (unlikely(!idr_pre_get(&dev->idr, GFP_KERNEL)))
-			return -ENOSPC;
-		ret = idr_get_new_above(&dev->idr, watch, dev->last_wd+1, &watch->wd);
-	} while (ret == -EAGAIN);
-
-	return ret;
-}
-
-/*
  * find_inode - resolve a user-given path to a specific inode and return a nd
  */
 static int find_inode(const char __user *dirname, struct nameidata *nd,
@@ -374,359 +343,45 @@ static int find_inode(const char __user 
 		return error;
 	/* you can only watch an inode if you have read permissions on it */
 	error = vfs_permission(nd, MAY_READ);
-	if (error) 
+	if (error)
 		path_release(nd);
 	return error;
 }
 
 /*
- * inotify_inode_watched - returns nonzero if there are watches on this inode
- * and zero otherwise.  We call this lockless, we do not care if we race.
- */
-static inline int inotify_inode_watched(struct inode *inode)
-{
-	return !list_empty(&inode->inotify_watches);
-}
-
-/*
- * Get child dentry flag into synch with parent inode.
- * Flag should always be clear for negative dentrys.
- */
-static void set_dentry_child_flags(struct inode *inode, int watched)
-{
-	struct dentry *alias;
-
-	spin_lock(&dcache_lock);
-	list_for_each_entry(alias, &inode->i_dentry, d_alias) {
-		struct dentry *child;
-
-		list_for_each_entry(child, &alias->d_subdirs, d_u.d_child) {
-			if (!child->d_inode) {
-				WARN_ON(child->d_flags & DCACHE_INOTIFY_PARENT_WATCHED);
-				continue;
-			}
-			spin_lock(&child->d_lock);
-			if (watched) {
-				WARN_ON(child->d_flags &
-						DCACHE_INOTIFY_PARENT_WATCHED);
-				child->d_flags |= DCACHE_INOTIFY_PARENT_WATCHED;
-			} else {
-				WARN_ON(!(child->d_flags &
-					DCACHE_INOTIFY_PARENT_WATCHED));
-				child->d_flags&=~DCACHE_INOTIFY_PARENT_WATCHED;
-			}
-			spin_unlock(&child->d_lock);
-		}
-	}
-	spin_unlock(&dcache_lock);
-}
-
-/*
  * create_watch - creates a watch on the given device.
  *
- * Callers must hold dev->mutex.  Calls inotify_dev_get_wd() so may sleep.
- * Both 'dev' and 'inode' (by way of nameidata) need to be pinned.
+ * Callers must hold dev->up_mutex.
  */
-static struct inotify_watch *create_watch(struct inotify_device *dev,
-					  u32 mask, struct inode *inode)
+static int create_watch(struct inotify_device *dev, struct inode *inode,
+			u32 mask)
 {
-	struct inotify_watch *watch;
+	struct inotify_user_watch *watch;
 	int ret;
 
 	if (atomic_read(&dev->user->inotify_watches) >=
 			inotify_max_user_watches)
-		return ERR_PTR(-ENOSPC);
+		return -ENOSPC;
 
 	watch = kmem_cache_alloc(watch_cachep, GFP_KERNEL);
 	if (unlikely(!watch))
-		return ERR_PTR(-ENOMEM);
-
-	ret = inotify_dev_get_wd(dev, watch);
-	if (unlikely(ret)) {
-		kmem_cache_free(watch_cachep, watch);
-		return ERR_PTR(ret);
-	}
-
-	dev->last_wd = watch->wd;
-	watch->mask = mask;
-	atomic_set(&watch->count, 0);
-	INIT_LIST_HEAD(&watch->d_list);
-	INIT_LIST_HEAD(&watch->i_list);
+		return -ENOMEM;
 
 	/* save a reference to device and bump the count to make it official */
 	get_inotify_dev(dev);
 	watch->dev = dev;
 
-	/*
-	 * Save a reference to the inode and bump the ref count to make it
-	 * official.  We hold a reference to nameidata, which makes this safe.
-	 */
-	watch->inode = igrab(inode);
-
-	/* bump our own count, corresponding to our entry in dev->watches */
-	get_inotify_watch(watch);
-
 	atomic_inc(&dev->user->inotify_watches);
 
-	return watch;
-}
-
-/*
- * inotify_find_dev - find the watch associated with the given inode and dev
- *
- * Callers must hold inode->inotify_mutex.
- */
-static struct inotify_watch *inode_find_dev(struct inode *inode,
-					    struct inotify_device *dev)
-{
-	struct inotify_watch *watch;
-
-	list_for_each_entry(watch, &inode->inotify_watches, i_list) {
-		if (watch->dev == dev)
-			return watch;
-	}
-
-	return NULL;
-}
-
-/*
- * remove_watch_no_event - remove_watch() without the IN_IGNORED event.
- */
-static void remove_watch_no_event(struct inotify_watch *watch,
-				  struct inotify_device *dev)
-{
-	list_del(&watch->i_list);
-	list_del(&watch->d_list);
-
-	if (!inotify_inode_watched(watch->inode))
-		set_dentry_child_flags(watch->inode, 0);
+	ret = inotify_add_watch(dev->ih, &watch->wdata, inode, mask);
+	if (ret < 0)
+		free_inotify_user_watch(watch);
 
-	atomic_dec(&dev->user->inotify_watches);
-	idr_remove(&dev->idr, watch->wd);
-	put_inotify_watch(watch);
-}
-
-/*
- * remove_watch - Remove a watch from both the device and the inode.  Sends
- * the IN_IGNORED event to the given device signifying that the inode is no
- * longer watched.
- *
- * Callers must hold both inode->inotify_mutex and dev->mutex.  We drop a
- * reference to the inode before returning.
- *
- * The inode is not iput() so as to remain atomic.  If the inode needs to be
- * iput(), the call returns one.  Otherwise, it returns zero.
- */
-static void remove_watch(struct inotify_watch *watch,struct inotify_device *dev)
-{
-	inotify_dev_queue_event(dev, watch, IN_IGNORED, 0, NULL);
-	remove_watch_no_event(watch, dev);
+	return ret;
 }
 
 /* Kernel API */
 
-/*
- * inotify_d_instantiate - instantiate dcache entry for inode
- */
-void inotify_d_instantiate(struct dentry *entry, struct inode *inode)
-{
-	struct dentry *parent;
-
-	if (!inode)
-		return;
-
-	WARN_ON(entry->d_flags & DCACHE_INOTIFY_PARENT_WATCHED);
-	spin_lock(&entry->d_lock);
-	parent = entry->d_parent;
-	if (inotify_inode_watched(parent->d_inode))
-		entry->d_flags |= DCACHE_INOTIFY_PARENT_WATCHED;
-	spin_unlock(&entry->d_lock);
-}
-
-/*
- * inotify_d_move - dcache entry has been moved
- */
-void inotify_d_move(struct dentry *entry)
-{
-	struct dentry *parent;
-
-	parent = entry->d_parent;
-	if (inotify_inode_watched(parent->d_inode))
-		entry->d_flags |= DCACHE_INOTIFY_PARENT_WATCHED;
-	else
-		entry->d_flags &= ~DCACHE_INOTIFY_PARENT_WATCHED;
-}
-
-/**
- * inotify_inode_queue_event - queue an event to all watches on this inode
- * @inode: inode event is originating from
- * @mask: event mask describing this event
- * @cookie: cookie for synchronization, or zero
- * @name: filename, if any
- */
-void inotify_inode_queue_event(struct inode *inode, u32 mask, u32 cookie,
-			       const char *name)
-{
-	struct inotify_watch *watch, *next;
-
-	if (!inotify_inode_watched(inode))
-		return;
-
-	mutex_lock(&inode->inotify_mutex);
-	list_for_each_entry_safe(watch, next, &inode->inotify_watches, i_list) {
-		u32 watch_mask = watch->mask;
-		if (watch_mask & mask) {
-			struct inotify_device *dev = watch->dev;
-			get_inotify_watch(watch);
-			mutex_lock(&dev->mutex);
-			inotify_dev_queue_event(dev, watch, mask, cookie, name);
-			if (watch_mask & IN_ONESHOT)
-				remove_watch_no_event(watch, dev);
-			mutex_unlock(&dev->mutex);
-			put_inotify_watch(watch);
-		}
-	}
-	mutex_unlock(&inode->inotify_mutex);
-}
-EXPORT_SYMBOL_GPL(inotify_inode_queue_event);
-
-/**
- * inotify_dentry_parent_queue_event - queue an event to a dentry's parent
- * @dentry: the dentry in question, we queue against this dentry's parent
- * @mask: event mask describing this event
- * @cookie: cookie for synchronization, or zero
- * @name: filename, if any
- */
-void inotify_dentry_parent_queue_event(struct dentry *dentry, u32 mask,
-				       u32 cookie, const char *name)
-{
-	struct dentry *parent;
-	struct inode *inode;
-
-	if (!(dentry->d_flags & DCACHE_INOTIFY_PARENT_WATCHED))
-		return;
-
-	spin_lock(&dentry->d_lock);
-	parent = dentry->d_parent;
-	inode = parent->d_inode;
-
-	if (inotify_inode_watched(inode)) {
-		dget(parent);
-		spin_unlock(&dentry->d_lock);
-		inotify_inode_queue_event(inode, mask, cookie, name);
-		dput(parent);
-	} else
-		spin_unlock(&dentry->d_lock);
-}
-EXPORT_SYMBOL_GPL(inotify_dentry_parent_queue_event);
-
-/**
- * inotify_get_cookie - return a unique cookie for use in synchronizing events.
- */
-u32 inotify_get_cookie(void)
-{
-	return atomic_inc_return(&inotify_cookie);
-}
-EXPORT_SYMBOL_GPL(inotify_get_cookie);
-
-/**
- * inotify_unmount_inodes - an sb is unmounting.  handle any watched inodes.
- * @list: list of inodes being unmounted (sb->s_inodes)
- *
- * Called with inode_lock held, protecting the unmounting super block's list
- * of inodes, and with iprune_mutex held, keeping shrink_icache_memory() at bay.
- * We temporarily drop inode_lock, however, and CAN block.
- */
-void inotify_unmount_inodes(struct list_head *list)
-{
-	struct inode *inode, *next_i, *need_iput = NULL;
-
-	list_for_each_entry_safe(inode, next_i, list, i_sb_list) {
-		struct inotify_watch *watch, *next_w;
-		struct inode *need_iput_tmp;
-		struct list_head *watches;
-
-		/*
-		 * If i_count is zero, the inode cannot have any watches and
-		 * doing an __iget/iput with MS_ACTIVE clear would actually
-		 * evict all inodes with zero i_count from icache which is
-		 * unnecessarily violent and may in fact be illegal to do.
-		 */
-		if (!atomic_read(&inode->i_count))
-			continue;
-
-		/*
-		 * We cannot __iget() an inode in state I_CLEAR, I_FREEING, or
-		 * I_WILL_FREE which is fine because by that point the inode
-		 * cannot have any associated watches.
-		 */
-		if (inode->i_state & (I_CLEAR | I_FREEING | I_WILL_FREE))
-			continue;
-
-		need_iput_tmp = need_iput;
-		need_iput = NULL;
-		/* In case the remove_watch() drops a reference. */
-		if (inode != need_iput_tmp)
-			__iget(inode);
-		else
-			need_iput_tmp = NULL;
-		/* In case the dropping of a reference would nuke next_i. */
-		if ((&next_i->i_sb_list != list) &&
-				atomic_read(&next_i->i_count) &&
-				!(next_i->i_state & (I_CLEAR | I_FREEING |
-					I_WILL_FREE))) {
-			__iget(next_i);
-			need_iput = next_i;
-		}
-
-		/*
-		 * We can safely drop inode_lock here because we hold
-		 * references on both inode and next_i.  Also no new inodes
-		 * will be added since the umount has begun.  Finally,
-		 * iprune_mutex keeps shrink_icache_memory() away.
-		 */
-		spin_unlock(&inode_lock);
-
-		if (need_iput_tmp)
-			iput(need_iput_tmp);
-
-		/* for each watch, send IN_UNMOUNT and then remove it */
-		mutex_lock(&inode->inotify_mutex);
-		watches = &inode->inotify_watches;
-		list_for_each_entry_safe(watch, next_w, watches, i_list) {
-			struct inotify_device *dev = watch->dev;
-			mutex_lock(&dev->mutex);
-			inotify_dev_queue_event(dev, watch, IN_UNMOUNT,0,NULL);
-			remove_watch(watch, dev);
-			mutex_unlock(&dev->mutex);
-		}
-		mutex_unlock(&inode->inotify_mutex);
-		iput(inode);		
-
-		spin_lock(&inode_lock);
-	}
-}
-EXPORT_SYMBOL_GPL(inotify_unmount_inodes);
-
-/**
- * inotify_inode_is_dead - an inode has been deleted, cleanup any watches
- * @inode: inode that is about to be removed
- */
-void inotify_inode_is_dead(struct inode *inode)
-{
-	struct inotify_watch *watch, *next;
-
-	mutex_lock(&inode->inotify_mutex);
-	list_for_each_entry_safe(watch, next, &inode->inotify_watches, i_list) {
-		struct inotify_device *dev = watch->dev;
-		mutex_lock(&dev->mutex);
-		remove_watch(watch, dev);
-		mutex_unlock(&dev->mutex);
-	}
-	mutex_unlock(&inode->inotify_mutex);
-}
-EXPORT_SYMBOL_GPL(inotify_inode_is_dead);
-
 /* Device Interface */
 
 static unsigned int inotify_poll(struct file *file, poll_table *wait)
@@ -735,10 +390,10 @@ static unsigned int inotify_poll(struct 
 	int ret = 0;
 
 	poll_wait(file, &dev->wq, wait);
-	mutex_lock(&dev->mutex);
+	mutex_lock(&dev->ev_mutex);
 	if (!list_empty(&dev->events))
 		ret = POLLIN | POLLRDNORM;
-	mutex_unlock(&dev->mutex);
+	mutex_unlock(&dev->ev_mutex);
 
 	return ret;
 }
@@ -760,9 +415,9 @@ static ssize_t inotify_read(struct file 
 
 		prepare_to_wait(&dev->wq, &wait, TASK_INTERRUPTIBLE);
 
-		mutex_lock(&dev->mutex);
+		mutex_lock(&dev->ev_mutex);
 		events = !list_empty(&dev->events);
-		mutex_unlock(&dev->mutex);
+		mutex_unlock(&dev->ev_mutex);
 		if (events) {
 			ret = 0;
 			break;
@@ -785,7 +440,7 @@ static ssize_t inotify_read(struct file 
 	if (ret)
 		return ret;
 
-	mutex_lock(&dev->mutex);
+	mutex_lock(&dev->ev_mutex);
 	while (1) {
 		struct inotify_kernel_event *kevent;
 
@@ -815,7 +470,7 @@ static ssize_t inotify_read(struct file 
 
 		remove_kevent(dev, kevent);
 	}
-	mutex_unlock(&dev->mutex);
+	mutex_unlock(&dev->ev_mutex);
 
 	return ret;
 }
@@ -824,41 +479,13 @@ static int inotify_release(struct inode 
 {
 	struct inotify_device *dev = file->private_data;
 
-	/*
-	 * Destroy all of the watches on this device.  Unfortunately, not very
-	 * pretty.  We cannot do a simple iteration over the list, because we
-	 * do not know the inode until we iterate to the watch.  But we need to
-	 * hold inode->inotify_mutex before dev->mutex.  The following works.
-	 */
-	while (1) {
-		struct inotify_watch *watch;
-		struct list_head *watches;
-		struct inode *inode;
-
-		mutex_lock(&dev->mutex);
-		watches = &dev->watches;
-		if (list_empty(watches)) {
-			mutex_unlock(&dev->mutex);
-			break;
-		}
-		watch = list_entry(watches->next, struct inotify_watch, d_list);
-		get_inotify_watch(watch);
-		mutex_unlock(&dev->mutex);
-
-		inode = watch->inode;
-		mutex_lock(&inode->inotify_mutex);
-		mutex_lock(&dev->mutex);
-		remove_watch_no_event(watch, dev);
-		mutex_unlock(&dev->mutex);
-		mutex_unlock(&inode->inotify_mutex);
-		put_inotify_watch(watch);
-	}
+	inotify_destroy(dev->ih);
 
 	/* destroy all of the events on this device */
-	mutex_lock(&dev->mutex);
+	mutex_lock(&dev->ev_mutex);
 	while (!list_empty(&dev->events))
 		inotify_dev_event_dequeue(dev);
-	mutex_unlock(&dev->mutex);
+	mutex_unlock(&dev->ev_mutex);
 
 	/* free this device: the put matching the get in inotify_init() */
 	put_inotify_dev(dev);
@@ -866,41 +493,6 @@ static int inotify_release(struct inode 
 	return 0;
 }
 
-/*
- * inotify_ignore - remove a given wd from this inotify instance.
- *
- * Can sleep.
- */
-static int inotify_ignore(struct inotify_device *dev, s32 wd)
-{
-	struct inotify_watch *watch;
-	struct inode *inode;
-
-	mutex_lock(&dev->mutex);
-	watch = idr_find(&dev->idr, wd);
-	if (unlikely(!watch)) {
-		mutex_unlock(&dev->mutex);
-		return -EINVAL;
-	}
-	get_inotify_watch(watch);
-	inode = watch->inode;
-	mutex_unlock(&dev->mutex);
-
-	mutex_lock(&inode->inotify_mutex);
-	mutex_lock(&dev->mutex);
-
-	/* make sure that we did not race */
-	watch = idr_find(&dev->idr, wd);
-	if (likely(watch))
-		remove_watch(watch, dev);
-
-	mutex_unlock(&dev->mutex);
-	mutex_unlock(&inode->inotify_mutex);
-	put_inotify_watch(watch);
-
-	return 0;
-}
-
 static long inotify_ioctl(struct file *file, unsigned int cmd,
 			  unsigned long arg)
 {
@@ -931,8 +523,9 @@ static const struct file_operations inot
 asmlinkage long sys_inotify_init(void)
 {
 	struct inotify_device *dev;
+	struct inotify_handle *ih;
 	struct user_struct *user;
-	struct file *filp;	
+	struct file *filp;
 	int fd, ret;
 
 	fd = get_unused_fd();
@@ -958,6 +551,13 @@ asmlinkage long sys_inotify_init(void)
 		goto out_free_uid;
 	}
 
+	ih = inotify_init(inotify_dev_queue_event);
+	if (unlikely(IS_ERR(ih))) {
+		ret = PTR_ERR(ih);
+		goto out_free_dev;
+	}
+	dev->ih = ih;
+
 	filp->f_op = &inotify_fops;
 	filp->f_vfsmnt = mntget(inotify_mnt);
 	filp->f_dentry = dget(inotify_mnt->mnt_root);
@@ -966,16 +566,14 @@ asmlinkage long sys_inotify_init(void)
 	filp->f_flags = O_RDONLY;
 	filp->private_data = dev;
 
-	idr_init(&dev->idr);
 	INIT_LIST_HEAD(&dev->events);
-	INIT_LIST_HEAD(&dev->watches);
 	init_waitqueue_head(&dev->wq);
-	mutex_init(&dev->mutex);
+	mutex_init(&dev->ev_mutex);
+	mutex_init(&dev->up_mutex);
 	dev->event_count = 0;
 	dev->queue_size = 0;
 	dev->max_events = inotify_max_queued_events;
 	dev->user = user;
-	dev->last_wd = 0;
 	atomic_set(&dev->count, 0);
 
 	get_inotify_dev(dev);
@@ -983,6 +581,8 @@ asmlinkage long sys_inotify_init(void)
 	fd_install(fd, filp);
 
 	return fd;
+out_free_dev:
+	kfree(dev);
 out_free_uid:
 	free_uid(user);
 	put_filp(filp);
@@ -993,13 +593,11 @@ out_put_fd:
 
 asmlinkage long sys_inotify_add_watch(int fd, const char __user *path, u32 mask)
 {
-	struct inotify_watch *watch, *old;
 	struct inode *inode;
 	struct inotify_device *dev;
 	struct nameidata nd;
 	struct file *filp;
 	int ret, fput_needed;
-	int mask_add = 0;
 	unsigned flags = 0;
 
 	filp = fget_light(fd, &fput_needed);
@@ -1025,49 +623,12 @@ asmlinkage long sys_inotify_add_watch(in
 	inode = nd.dentry->d_inode;
 	dev = filp->private_data;
 
-	mutex_lock(&inode->inotify_mutex);
-	mutex_lock(&dev->mutex);
-
-	if (mask & IN_MASK_ADD)
-		mask_add = 1;
+	mutex_lock(&dev->up_mutex);
+	ret = inotify_find_update_watch(dev->ih, inode, mask);
+	if (ret == -ENOENT)
+		ret = create_watch(dev, inode, mask);
+	mutex_unlock(&dev->up_mutex);
 
-	/* don't let user-space set invalid bits: we don't want flags set */
-	mask &= IN_ALL_EVENTS | IN_ONESHOT;
-	if (unlikely(!mask)) {
-		ret = -EINVAL;
-		goto out;
-	}
-
-	/*
-	 * Handle the case of re-adding a watch on an (inode,dev) pair that we
-	 * are already watching.  We just update the mask and return its wd.
-	 */
-	old = inode_find_dev(inode, dev);
-	if (unlikely(old)) {
-		if (mask_add)
-			old->mask |= mask;
-		else
-			old->mask = mask;
-		ret = old->wd;
-		goto out;
-	}
-
-	watch = create_watch(dev, mask, inode);
-	if (unlikely(IS_ERR(watch))) {
-		ret = PTR_ERR(watch);
-		goto out;
-	}
-
-	if (!inotify_inode_watched(inode))
-		set_dentry_child_flags(inode, 1);
-
-	/* Add the watch to the device's and the inode's list */
-	list_add(&watch->d_list, &dev->watches);
-	list_add(&watch->i_list, &inode->inotify_watches);
-	ret = watch->wd;
-out:
-	mutex_unlock(&dev->mutex);
-	mutex_unlock(&inode->inotify_mutex);
 	path_release(&nd);
 fput_and_out:
 	fput_light(filp, fput_needed);
@@ -1091,7 +652,9 @@ asmlinkage long sys_inotify_rm_watch(int
 	}
 
 	dev = filp->private_data;
-	ret = inotify_ignore(dev, wd);
+
+	/* we free our watch data when we get IN_IGNORED */
+	ret = inotify_rm_wd(dev->ih, wd);
 
 out:
 	fput_light(filp, fput_needed);
@@ -1112,11 +675,11 @@ static struct file_system_type inotify_f
 };
 
 /*
- * inotify_setup - Our initialization function.  Note that we cannnot return
+ * inotify_user_setup - Our initialization function.  Note that we cannnot return
  * error because we have compiled-in VFS hooks.  So an (unlikely) failure here
  * must result in panic().
  */
-static int __init inotify_setup(void)
+static int __init inotify_user_setup(void)
 {
 	int ret;
 
@@ -1132,10 +695,8 @@ static int __init inotify_setup(void)
 	inotify_max_user_instances = 128;
 	inotify_max_user_watches = 8192;
 
-	atomic_set(&inotify_cookie, 0);
-
 	watch_cachep = kmem_cache_create("inotify_watch_cache",
-					 sizeof(struct inotify_watch),
+					 sizeof(struct inotify_user_watch),
 					 0, SLAB_PANIC, NULL, NULL);
 	event_cachep = kmem_cache_create("inotify_event_cache",
 					 sizeof(struct inotify_kernel_event),
@@ -1144,4 +705,4 @@ static int __init inotify_setup(void)
 	return 0;
 }
 
-module_init(inotify_setup);
+module_init(inotify_user_setup);