From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andrew Morton
Subject: Re: [patch]A potential bug in inotify_user.c
Date: Mon, 22 Oct 2007 14:40:48 -0700
Message-ID: <20071022144048.e184d8ef.akpm@linux-foundation.org>
References: <3d0408630709282028o3a43811bqcc2a32c878ddbf1c@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: linux-fsdevel@vger.kernel.org, ttb@tentacle.dhs.org, rlove@google.com
To: "Yan Zheng"
Return-path:
Received: from smtp2.linux-foundation.org ([207.189.120.14]:34408 "EHLO smtp2.linux-foundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750793AbXJVVlE (ORCPT ); Mon, 22 Oct 2007 17:41:04 -0400
In-Reply-To: <3d0408630709282028o3a43811bqcc2a32c878ddbf1c@mail.gmail.com>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Sat, 29 Sep 2007 11:28:22 +0800 "Yan Zheng" wrote:

> Hello,
>
> The following comment is at fs/inotify_user.c:287
> /* coalescing: drop this event if it is a dupe of the previous */
>
> I think the previous event in the comment should be the last event in
> the linked list. But inotify_dev_get_event returns the first event in the
> list. In addition, it doesn't check whether the list is empty.
>
> Regards
>
> Signed-off-by: Yan Zheng
> ---
> diff -ur linux-2.6.23-rc8/fs/inotify_user.c linux/fs/inotify_user.c > --- linux-2.6.23-rc8/fs/inotify_user.c 2007-09-29 11:00:15.000000000 +0800 > +++ linux/fs/inotify_user.c 2007-09-29 11:01:40.000000000 +0800
> @@ -247,6 +247,19 @@ > } > > /* > + * inotify_dev_get_last_event - return the last event in the given dev's queue > + * > + * Caller must hold dev->ev_mutex. > + */ > +static inline struct inotify_kernel_event * > +inotify_dev_get_last_event(struct inotify_device *dev) > +{ > + if (list_empty(&dev->events)) > + return NULL; > + return list_entry(dev->events.prev, struct inotify_kernel_event, list); > +} > + > +/* > * inotify_dev_queue_event - event handler registered with core inotify, adds > * a new event to the given device > * > @@ -272,7 +285,7 @@ > put_inotify_watch(w); /* final put */ > > /* coalescing: drop this event if it is a dupe of the previous */ > - last = inotify_dev_get_event(dev); > + last = inotify_dev_get_last_event(dev); > if (last && last->event.mask == mask && last->event.wd == wd && > last->event.cookie == cookie) { > const char *lastname = last->name;

So this has been floating around in my to-look-at queue for a month. Probably Robert didn't see it. Could we take a look at it please?
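Review bot: in the first hunk (-247,6 +247,19), the empty-queue case is handled only in the new inotify_dev_get_last_event(), while the changelog's second complaint, that inotify_dev_get_event() "doesn't check whether the list is empty", is about a function this patch leaves untouched. Either say in the changelog that the list_empty() check is being added for the coalescing path only, or document above inotify_dev_get_event() that its callers must guarantee a non-empty queue. The new helper's comment should also state that it returns NULL when the queue is empty, since the caller's "last &&" test depends on that.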
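Review bot: in the second hunk (-272,7 +285,7), the comment "/* coalescing: drop this event if it is a dupe of the previous */" stays as it was, and the ambiguity of "previous" is exactly what the changelog had to explain. Reword it to say the comparison is against the most recently queued event, i.e. the tail of dev->events, so the intent matches the call to inotify_dev_get_last_event() on the next line. The existing "last &&" test in the unchanged context already covers the NULL return, so no extra check is needed at this call site.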