From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Yan Zheng" Subject: [patch]A potential bug in inotify_user.c Date: Sat, 29 Sep 2007 11:28:22 +0800 Message-ID: <3d0408630709282028o3a43811bqcc2a32c878ddbf1c@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit To: linux-fsdevel@vger.kernel.org, akpm@linux-foundation.org, ttb@tentacle.dhs.org, rml@novell.com Return-path: Received: from fk-out-0910.google.com ([209.85.128.190]:11738 "EHLO fk-out-0910.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752886AbXI2D2Z (ORCPT ); Fri, 28 Sep 2007 23:28:25 -0400 Received: by fk-out-0910.google.com with SMTP id z23so3287221fkz for ; Fri, 28 Sep 2007 20:28:22 -0700 (PDT) Content-Disposition: inline Sender: linux-fsdevel-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org Hello, follow comment is at fs/inotify_user.c:287 /* coalescing: drop this event if it is a dupe of the previous */ I think the previous event in the comment should be the last event in the link list. But inotify_dev_get_event return the first event in the list. In addition, it doesn't check whether the list is empty Regards Signed-off-by: Yan Zheng --- diff -ur linux-2.6.23-rc8/fs/inotify_user.c linux/fs/inotify_user.c --- linux-2.6.23-rc8/fs/inotify_user.c 2007-09-29 11:00:15.000000000 +0800 +++ linux/fs/inotify_user.c 2007-09-29 11:01:40.000000000 +0800 @@ -247,6 +247,19 @@ } /* + * inotify_dev_get_last_event - return the last event in the given dev's queue + * + * Caller must hold dev->ev_mutex. + */ +static inline struct inotify_kernel_event * +inotify_dev_get_last_event(struct inotify_device *dev) +{ + if (list_empty(&dev->events)) + return NULL; + return list_entry(dev->events.prev, struct inotify_kernel_event, list); +} + +/* * inotify_dev_queue_event - event handler registered with core inotify, adds * a new event to the given device * @@ -272,7 +285,7 @@ put_inotify_watch(w); /* final put */ /* coalescing: drop this event if it is a dupe of the previous */ - last = inotify_dev_get_event(dev); + last = inotify_dev_get_last_event(dev); if (last && last->event.mask == mask && last->event.wd == wd && last->event.cookie == cookie) { const char *lastname = last->name;