diff options
| author | Mark Johnston <markj@FreeBSD.org> | 2025-11-15 18:00:44 +0000 |
|---|---|---|
| committer | Colin Percival <cperciva@FreeBSD.org> | 2025-11-24 09:31:16 -0800 |
| commit | 76883b793db8385dd98bc81ac993f73eeda6164f (patch) | |
| tree | 9a419a71699d32795564291345a2ca245ea1ac34 | |
| parent | bada4c39b20c4378b485cff061c3b8da688e1621 (diff) | |
inotify: Work around the vput() bug directly
For 15.0, apply a minimal fix which at least ensures that inotify can't
trigger the latent race described in commit 99cb3dca4773 ("vnode: Rework
vput() to avoid holding the vnode lock after decrementing").
Approved by: re (cperciva)
Reviewed by: olce, kib
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D53774
(cherry picked from commit ebc17879f0885ca87644980f6275b9759b311eb3)
(cherry picked from commit 1f6e3abf41718e8e4a309be122f0a6048e9c5772)
| -rw-r--r-- | sys/kern/vfs_inotify.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/kern/vfs_inotify.c b/sys/kern/vfs_inotify.c index b265a5ff3a62..de8f99ea8d2f 100644 --- a/sys/kern/vfs_inotify.c +++ b/sys/kern/vfs_inotify.c @@ -380,7 +380,14 @@ inotify_unlink_watch_locked(struct inotify_softc *sc, struct inotify_watch *watc static void inotify_free_watch(struct inotify_watch *watch) { - vrele(watch->vp); + /* + * Formally, we don't need to lock the vnode here. However, if we + * don't, and vrele() releases the last reference, it's possible the + * vnode will be recycled while a different thread holds the vnode lock. + * Work around this bug by acquiring the lock here. + */ + (void)vn_lock(watch->vp, LK_EXCLUSIVE | LK_RETRY); + vput(watch->vp); free(watch, M_INOTIFY); } |