minor patch for 2.1.111 fs/open.c

Bill Hawes (whawes@transmeta.com)
Tue, 28 Jul 1998 08:52:37 -0700



In reviewing the usage of inuse filps I found a minor race problem in
do_open. Following an open failure the dentry is dput(), but the
filp->f_dentry field needs to be cleared first. If this is not done, a
block in dput() may allow the filp to be observed with a stale dentry
pointer, and an attempt to dereference it could be a problem.

A small patch to correct the problem is attached.

This doesn't explain the recent report of an oops in trying to close an
fd with a NULL dentry; we still need to track that one down.

Regards,
Bill


--- linux-2.1.111/fs/open.c.old Sun Jul 26 11:26:46 1998
+++ linux-2.1.111/fs/open.c Mon Jul 27 21:32:05 1998
@@ -671,6 +671,8 @@
return 0;

cleanup_all:
+ /* clear the slot, as dput() may block */
+ f->f_dentry = NULL;
if (f->f_mode & FMODE_WRITE)
put_write_access(inode);
cleanup_dentry:
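Review bot: the clear of f->f_dentry sits under cleanup_all only, so any error path that jumps straight to cleanup_dentry skips it and can still reach dput() with the filp slot pointing at the dentry. If f->f_dentry can already be assigned on those paths, move the assignment below the cleanup_dentry label, immediately before the dput(); if it cannot, a short comment saying so would help the next reader. The dput() call itself is outside the visible context, so it is also worth confirming that it (like put_write_access(inode) here) uses a local variable rather than f->f_dentry, since after this change it would otherwise be handed NULL and the dentry reference would be leaked.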
