diff options
author | Eric Paris <eparis@redhat.com> | 2010-07-28 10:18:38 -0400 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2010-07-28 10:18:51 -0400 |
commit | c1e5c954020e123d30b4abf4038ce501861bcf9f (patch) | |
tree | e8c9071ae4f37464e114fab79deea4716857f7ad /fs/file_table.c | |
parent | 3bcf3860a4ff9bbc522820b4b765e65e4deceb3e (diff) | |
download | linux-3.10-c1e5c954020e123d30b4abf4038ce501861bcf9f.tar.gz linux-3.10-c1e5c954020e123d30b4abf4038ce501861bcf9f.tar.bz2 linux-3.10-c1e5c954020e123d30b4abf4038ce501861bcf9f.zip |
vfs/fsnotify: fsnotify_close can delay the final work in fput
fanotify almost works like so:
user context calls fsnotify_* function with a struct file.
fsnotify takes a reference on the struct path
user context goes about it's buissiness
at some later point in time the fsnotify listener gets the struct path
fanotify listener calls dentry_open() to create a file which userspace can deal with
listener drops the reference on the struct path
at some later point the listener calls close() on it's new file
With the switch from struct path to struct file this presents a problem for
fput() and fsnotify_close(). fsnotify_close() is called when the filp has
already reached 0 and __fput() wants to do it's cleanup.
The solution presented here is a bit odd. If an event is created from a
struct file we take a reference on the file. We check however if the f_count
was already 0 and if so we take an EXTRA reference EVEN THOUGH IT WAS ZERO.
In __fput() (where we know the f_count hit 0 once) we check if the f_count is
non-zero and if so we drop that 'extra' ref and return without destroying the
file.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'fs/file_table.c')
-rw-r--r-- | fs/file_table.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/fs/file_table.c b/fs/file_table.c index 5c7d10ead4a..b8a0bb63cbd 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -230,6 +230,15 @@ static void __fput(struct file *file) might_sleep(); fsnotify_close(file); + + /* + * fsnotify_create_event may have taken one or more references on this + * file. If it did so it left one reference for us to drop to make sure + * its calls to fput could not prematurely destroy the file. + */ + if (atomic_long_read(&file->f_count)) + return fput(file); + /* * The function eventpoll_release() should be the first called * in the file cleanup chain. |