summaryrefslogtreecommitdiff
path: root/fs/file_table.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2010-07-28 10:18:38 -0400
committerEric Paris <eparis@redhat.com>2010-07-28 10:18:51 -0400
commitc1e5c954020e123d30b4abf4038ce501861bcf9f (patch)
treee8c9071ae4f37464e114fab79deea4716857f7ad /fs/file_table.c
parent3bcf3860a4ff9bbc522820b4b765e65e4deceb3e (diff)
downloadlinux-3.10-c1e5c954020e123d30b4abf4038ce501861bcf9f.tar.gz
linux-3.10-c1e5c954020e123d30b4abf4038ce501861bcf9f.tar.bz2
linux-3.10-c1e5c954020e123d30b4abf4038ce501861bcf9f.zip
vfs/fsnotify: fsnotify_close can delay the final work in fput
fanotify almost works like so: user context calls fsnotify_* function with a struct file. fsnotify takes a reference on the struct path user context goes about it's buissiness at some later point in time the fsnotify listener gets the struct path fanotify listener calls dentry_open() to create a file which userspace can deal with listener drops the reference on the struct path at some later point the listener calls close() on it's new file With the switch from struct path to struct file this presents a problem for fput() and fsnotify_close(). fsnotify_close() is called when the filp has already reached 0 and __fput() wants to do it's cleanup. The solution presented here is a bit odd. If an event is created from a struct file we take a reference on the file. We check however if the f_count was already 0 and if so we take an EXTRA reference EVEN THOUGH IT WAS ZERO. In __fput() (where we know the f_count hit 0 once) we check if the f_count is non-zero and if so we drop that 'extra' ref and return without destroying the file. Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'fs/file_table.c')
-rw-r--r--fs/file_table.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/fs/file_table.c b/fs/file_table.c
index 5c7d10ead4a..b8a0bb63cbd 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -230,6 +230,15 @@ static void __fput(struct file *file)
might_sleep();
fsnotify_close(file);
+
+ /*
+ * fsnotify_create_event may have taken one or more references on this
+ * file. If it did so it left one reference for us to drop to make sure
+ * its calls to fput could not prematurely destroy the file.
+ */
+ if (atomic_long_read(&file->f_count))
+ return fput(file);
+
/*
* The function eventpoll_release() should be the first called
* in the file cleanup chain.