From b31d397e430a90cbe9d3656929a7d5f96e986666 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 21 Apr 2010 16:49:38 -0400 Subject: fsnotify: call iput on inodes when no longer marked fsnotify takes an igrab on an inode when it adds a mark. The code was supposed to drop the reference when the mark was removed but didn't. This caused problems when an fs was unmounted because those inodes would clearly not be gone. Thus resulting in the most devastating of messages: VFS: Busy inodes after unmount of loop0. Self-destruct in 5 seconds. >>> Have a nice day... Jiri Slaby bisected the problem to a patch in the fsnotify tree. The code snippets below show my stupidity quite clearly. void fsnotify_destroy_inode_mark(struct fsnotify_mark *mark) { ... mark->inode = NULL; ... } void fsnotify_destroy_mark(struct fsnotify_mark *mark) { struct inode *inode = NULL; ... if (mark->flags & FSNOTIFY_MARK_FLAG_INODE) { fsnotify_destroy_inode_mark(mark); inode = mark->i.inode; } ... if (inode) iput(inode); ... } Obviously the intent was to capture the inode before it was set to NULL in fsnotify_destroy_inode_mark() so we wouldn't be leaking inodes forever. Instead we leaked them (and exploded on umount) Reported-by: Jiri Slaby Signed-off-by: Eric Paris --- fs/notify/mark.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/notify/mark.c b/fs/notify/mark.c index 1e824e64441d..8f3b0e7a543d 100644 --- a/fs/notify/mark.c +++ b/fs/notify/mark.c @@ -133,8 +133,8 @@ void fsnotify_destroy_mark(struct fsnotify_mark *mark) spin_lock(&group->mark_lock); if (mark->flags & FSNOTIFY_MARK_FLAG_INODE) { - fsnotify_destroy_inode_mark(mark); inode = mark->i.inode; + fsnotify_destroy_inode_mark(mark); } else if (mark->flags & FSNOTIFY_MARK_FLAG_VFSMOUNT) fsnotify_destroy_vfsmount_mark(mark); else -- cgit v1.2.3
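Review bot: the statement order inside the FSNOTIFY_MARK_FLAG_INODE branch is now load-bearing but nothing in the code says so. `inode = mark->i.inode;` has to run before `fsnotify_destroy_inode_mark(mark);` because, per the commit message, that helper sets the mark's inode pointer to NULL, and the later `if (inode) iput(inode);` silently does nothing if the two lines are ever swapped back. Please add a short comment above the assignment stating that the helper clears the pointer and that the reference must be captured first so it can be dropped with iput(). A sturdier alternative would be for fsnotify_destroy_inode_mark() to return the inode it detached, so the caller cannot read the field after it has been cleared. Separately, the snippet in the commit message writes `mark->inode = NULL` while the hunk reads `mark->i.inode`; it would help to use the same field name in both.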