authorMark Johnston <markj@FreeBSD.org>2025-11-15 18:00:44 +0000
committerMark Johnston <markj@FreeBSD.org>2025-11-16 18:20:15 +0000
commitebc17879f0885ca87644980f6275b9759b311eb3 (patch)
treeeb44ad3e4034b411402701f8959a45bacafa2947
parent474d4707e607eedb966685a6e8a2471342c0f23c (diff)
inotify: Work around the vput() bug directly
For 15.0, apply a minimal fix which at least ensures that inotify can't trigger the latent race described in commit 99cb3dca4773 ("vnode: Rework vput() to avoid holding the vnode lock after decrementing"). Reviewed by: olce, kib MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D53774
-rw-r--r--sys/kern/vfs_inotify.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/kern/vfs_inotify.c b/sys/kern/vfs_inotify.c
index e60d8426ee42..fd1ef39b13f7 100644
--- a/sys/kern/vfs_inotify.c
+++ b/sys/kern/vfs_inotify.c
@@ -381,7 +381,14 @@ inotify_unlink_watch_locked(struct inotify_softc *sc, struct inotify_watch *watc
static void
inotify_free_watch(struct inotify_watch *watch)
{
- vrele(watch->vp);
+ /*
+ * Formally, we don't need to lock the vnode here. However, if we
+ * don't, and vrele() releases the last reference, it's possible the
+ * vnode will be recycled while a different thread holds the vnode lock.
+ * Work around this bug by acquiring the lock here.
+ */
+ (void)vn_lock(watch->vp, LK_EXCLUSIVE | LK_RETRY);
+ vput(watch->vp);
free(watch, M_INOTIFY);
}
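Review bot: With the added `vn_lock(watch->vp, LK_EXCLUSIVE | LK_RETRY)`, inotify_free_watch() can now sleep and takes an exclusive vnode lock, yet neither the comment nor the code states what callers must not hold on entry. A caller that arrives with the same vnode already locked, or with a non-sleepable lock held, would presumably deadlock or trip a lock-order check; the callers are outside this hunk, so this needs confirming against them. Consider making the precondition checkable by adding `ASSERT_VOP_UNLOCKED(watch->vp, __func__);` just before the vn_lock() call. The comment's "this bug" would also be easier to trace, and the workaround easier to remove later, if it cited the commit named in the description, e.g. `Work around the vput() race (see commit 99cb3dca4773) by acquiring the lock here.`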