From: Jan Kara <jack@suse.cz>
To: Amir Goldstein <amir73il@gmail.com>
Cc: Jan Kara <jack@suse.cz>, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH] fsnotify: fix false positive warning on inode delete
Date: Mon, 20 Aug 2018 12:07:19 +0200 [thread overview]
Message-ID: <20180820100719.GB13830@quack2.suse.cz> (raw)
In-Reply-To: <1534682106-26538-1-git-send-email-amir73il@gmail.com>
On Sun 19-08-18 15:35:06, Amir Goldstein wrote:
> Reported-and-tested-by: syzbot+c34692a51b9a6ca93540@syzkaller.appspotmail.com
> Fixes: 3ac70bfcde81 ("fsnotify: add helper to get mask from connector")
> Signed-off-by: Amir Goldstein <amir73il@gmail.com>
> ---
>
> Jan,
>
> syzbot reported (in private email) that the reproducer did not trigger
> the warning, so added tested-by.
Thanks for looking into this Amir! I was thinking about this for a while
and I'm not sure that __fsnotify_recalc_mask() call from
fsnotify_put_mark() is the only place calling __fsnotify_recalc_mask() that
can happen on detached connector. unlink(2) can get called pretty much at
any time so places like inotify_update_existing_watch() can easily work on
inode that is getting unlinked and by the time we get to
fsnotify_recalc_mask(), we can pass detached connector to it AFAICT.
conn->lock we hold in __fsnotify_recalc_mask() protecs us from
fsnotify_detach_connector_from_object() so we can reliably check connector
state in __fsnotify_recalc_mask() and just don't do anything when the
connector is already detached without issuing a warning. What do you think?
Honza
> fs/notify/mark.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/fs/notify/mark.c b/fs/notify/mark.c
> index 05506d60131c..d559a8ffe7ed 100644
> --- a/fs/notify/mark.c
> +++ b/fs/notify/mark.c
> @@ -236,6 +236,13 @@ void fsnotify_put_mark(struct fsnotify_mark *mark)
> if (hlist_empty(&conn->list)) {
> inode = fsnotify_detach_connector_from_object(conn);
> free_conn = true;
> + } else if (conn->type == FSNOTIFY_OBJ_TYPE_DETACHED) {
> + /*
> + * fsnotify_destroy_marks() detaches conn from object before
> + * put on last mark of object list and other marks on the list
> + * may still have elevated refcounts. We don't need to recalc
> + * mask nor to free_conn in that case.
> + */
> } else {
> __fsnotify_recalc_mask(conn);
> }
> --
> 2.7.4
>
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2018-08-20 13:22 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-19 12:35 [PATCH] fsnotify: fix false positive warning on inode delete Amir Goldstein
2018-08-20 10:07 ` Jan Kara [this message]
2018-08-20 10:32 ` Amir Goldstein
2018-08-20 12:32 Jan Kara
2018-08-20 13:48 ` Amir Goldstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180820100719.GB13830@quack2.suse.cz \
--to=jack@suse.cz \
--cc=amir73il@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.