Q: bugs in generic_forget_inode()?

From: Kirill Korotaev
Date: Mon Sep 06 2004 - 06:57:38 EST

Next message: Albert Herranz: "Re: 2.6.9-rc1-mm1 ppc build broken"
Previous message: Jörn Engel: "Re: [PATCH 1/3] copyfile: generic_sendpage"
Next in thread: Andrew Morton: "Re: Q: bugs in generic_forget_inode()?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

1. I found that generic_forget_inode() calls write_inode_now() dropping inode_lock and destroys inode after that. The problem is that write_inode_now() can sleep and during this sleep someone can find inode in the hash, w/o I_FREEING state and with i_count = 0.

If such inode will be iget'ed, then it will be iput'ed once more later messing with the current iput(). So the inode can be cleared and destroyed twice.

2. Why there is no wake_up_inode() in generic_forget_inode() like in generic_delete_inode()? Looks like it is missing...

is it bugs in generic_forget_inode()?

Kirill

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Albert Herranz: "Re: 2.6.9-rc1-mm1 ppc build broken"
Previous message: Jörn Engel: "Re: [PATCH 1/3] copyfile: generic_sendpage"
Next in thread: Andrew Morton: "Re: Q: bugs in generic_forget_inode()?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]