fsnotify: Protect bail out path of fsnotify_add_mark_locked() properly
author Jan Kara <jack@suse.cz>
Tue, 31 Oct 2017 09:09:25 +0000 (10:09 +0100)
committer Jan Kara <jack@suse.cz>
Tue, 31 Oct 2017 16:54:56 +0000 (17:54 +0100)
When fsnotify_add_mark_locked() fails it cleans up the mark it was
adding. Since the mark is already visible in group's list, we should
protect update of mark->flags with mark->lock. I'm not aware of any real
issues this could cause (since we also hold group->mark_mutex) but
better be safe and obey locking rules properly.

Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
fs/notify/mark.c

index 9991f88267342f9e699655cc29129225334e8dd6..47a827975b5878b3052d83cf9467cf00ebaecf32 100644 (file)
@@ -599,9 +599,11 @@ int fsnotify_add_mark_locked(struct fsnotify_mark *mark, struct inode *inode,
 
        return ret;
 err:
 
        return ret;
 err:
+       spin_lock(&mark->lock);
        mark->flags &= ~(FSNOTIFY_MARK_FLAG_ALIVE |
                         FSNOTIFY_MARK_FLAG_ATTACHED);
        list_del_init(&mark->g_list);
        mark->flags &= ~(FSNOTIFY_MARK_FLAG_ALIVE |
                         FSNOTIFY_MARK_FLAG_ATTACHED);
        list_del_init(&mark->g_list);
+       spin_unlock(&mark->lock);
        atomic_dec(&group->num_marks);
 
        fsnotify_put_mark(mark);
        atomic_dec(&group->num_marks);
 
        fsnotify_put_mark(mark);
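
Review bot: at the err: label, the new spin_lock(&mark->lock) section also covers list_del_init(&mark->g_list), while the commit message names only the mark->flags update as needing mark->lock. If g_list is serialised by group->mark_mutex, which the message says is held on this path, consider moving spin_unlock(&mark->lock) to directly after the flags update. Otherwise, add a one-line comment above spin_lock() noting that the mark is already visible in the group's list and which lock covers which field, so the scope of the critical section reads as intentional.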