From mboxrd@z Thu Jan 1 00:00:00 1970
From: 홍신 shin hong
Subject: a suspected race at __posix_lock_file()
Date: Fri, 24 Jul 2009 14:56:24 +0900
Message-ID: <2014bcab0907232256y18f98816r15464c024a934ae7@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
To: matthew@wil.cx, linux-fsdevel@vger.kernel.org
Return-path:
Received: from mail-gx0-f213.google.com ([209.85.217.213]:47104 "EHLO mail-gx0-f213.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751257AbZGXF4Y (ORCPT ); Fri, 24 Jul 2009 01:56:24 -0400
Received: by gxk9 with SMTP id 9so2702711gxk.13 for ; Thu, 23 Jul 2009 22:56:24 -0700 (PDT)
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

Hi.

I found a suspected race condition bug at fs/locks/__posix_lock_file() in the recent Linux kernel.
This bug is similar to the one reported in the ChangeLog for 2.6.24 (commit 85c59580b30c82aa771aa33b37217a6b6851bc14).

The Big Kernel Lock (BKL) might be released and re-taken at the call site of locks_delete_lock() because of the Releasing-On-Block semantics of the BKL. locks_delete_lock() may be blocked by a kmem_cache_alloc() invocation.

Please examine the possibility of a race condition in this code and let me know your opinion.
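The pattern the report describes, as an added user-space model that is not code from the mail or from the Linux kernel: a lock with release-on-block semantics is dropped whenever its holder sleeps (here, inside an allocation), so a list node looked up before the blocking call may have been unlinked by another context by the time the caller resumes. The lock, the list, the `delete_lock_*` functions and the queued "concurrent removal" are all hypothetical constructions for the model; the two fixed variants show the general defences (allocate before taking the lock, or re-validate after any call that may have dropped it).

```c
/* Added example, not code from the mail or the kernel: a user-space model of a
 * release-on-block lock. All names here (lock_list, delete_lock_*) are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

struct file_lock { int owner; struct file_lock *next; };

static struct file_lock *lock_list = NULL;  /* protected by the modelled lock */
static struct file_lock *removed = NULL;    /* unlinked nodes are parked, not freed, to keep the model memory-safe */
static int lock_held = 0;
static int pending_remove_owner = 0;        /* removal "another context" performs while the lock is dropped */

static void lock_acquire(void) { lock_held = 1; }
static void lock_release(void) { lock_held = 0; }
static void need_lock(void) { if (!lock_held) abort(); }  /* list helpers must run under the lock */

static struct file_lock *list_find(int owner) {
    need_lock();
    for (struct file_lock *p = lock_list; p; p = p->next) if (p->owner == owner) return p;
    return NULL;
}
static int list_contains(const struct file_lock *fl) {
    need_lock();
    for (struct file_lock *p = lock_list; p; p = p->next) if (p == fl) return 1;
    return 0;
}
static struct file_lock *list_unlink(int owner) {
    need_lock();
    for (struct file_lock **pp = &lock_list; *pp; pp = &(*pp)->next)
        if ((*pp)->owner == owner) { struct file_lock *fl = *pp; *pp = fl->next; return fl; }
    return NULL;
}
static void park(struct file_lock *fl) { fl->next = removed; removed = fl; }

/* An allocation that may sleep. With release-on-block semantics the lock is
 * dropped, other contexts run (here: the queued removal), then it is re-taken. */
static void *alloc_may_block(size_t n) {
    lock_release();
    if (pending_remove_owner) {
        lock_acquire();
        struct file_lock *fl = list_unlink(pending_remove_owner);
        if (fl) park(fl);
        pending_remove_owner = 0;
        lock_release();
    }
    void *p = calloc(1, n);
    lock_acquire();
    return p;
}

/* Racy pattern: look a node up, block, keep using it. Returns 1 when the node
 * found before blocking is gone from the list (a real caller would now touch
 * memory another context has released), 0 if it is still there. */
int delete_lock_racy(int owner) {
    lock_acquire();
    struct file_lock *fl = list_find(owner);
    if (!fl) { lock_release(); return -1; }
    void *scratch = alloc_may_block(64);  /* lock dropped and re-taken inside */
    int stale = !list_contains(fl);
    free(scratch); lock_release();
    return stale;
}

/* Fix A: allocate before taking the lock, so nothing under the lock can block. */
int delete_lock_prealloc(int owner) {
    void *scratch = calloc(1, 64);
    lock_acquire();
    struct file_lock *fl = list_unlink(owner);
    lock_release(); free(scratch);
    if (!fl) return -1;
    park(fl);
    return 0;
}

/* Fix B: re-validate after any call that may have dropped the lock; -2 means retry. */
int delete_lock_revalidate(int owner) {
    lock_acquire();
    struct file_lock *fl = list_find(owner);
    if (!fl) { lock_release(); return -1; }
    void *scratch = alloc_may_block(64);
    int rc = -2;
    if (list_contains(fl)) { park(list_unlink(owner)); rc = 0; }
    free(scratch); lock_release();
    return rc;
}

/* Constructed fixture: owners 1..n on the list, plus an optional queued removal. */
void setup_list(int n) {
    for (int i = n; i >= 1; i--) {
        struct file_lock *fl = calloc(1, sizeof *fl);
        fl->owner = i; fl->next = lock_list; lock_list = fl;
    }
}
void arm_concurrent_removal(int owner) { pending_remove_owner = owner; }
void teardown(void) {
    struct file_lock *lists[2] = { lock_list, removed };
    for (int i = 0; i < 2; i++)
        while (lists[i]) { struct file_lock *n = lists[i]; lists[i] = n->next; free(n); }
    lock_list = removed = NULL; pending_remove_owner = lock_held = 0;
}

int main(void) {
    setup_list(3); arm_concurrent_removal(2);
    printf("racy: stale=%d\n", delete_lock_racy(2)); teardown();            /* 1: node 2 vanished while blocked */
    setup_list(3); arm_concurrent_removal(2);
    printf("revalidate: rc=%d\n", delete_lock_revalidate(2)); teardown();   /* -2: change detected, caller retries */
    setup_list(3); arm_concurrent_removal(2);
    printf("prealloc: rc=%d\n", delete_lock_prealloc(2)); teardown();       /* 0: never blocked under the lock */
    return 0;
}
```

The racy variant is the shape the report warns about: the pointer obtained under the lock is trusted across a call that can sleep. Of the two fixes, allocating before taking the lock is the more robust one because it removes the blocking point entirely; re-validation only works if every path that can drop the lock is accounted for.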