Re: kernel bugs 2.6.31-rc6

From: Zdenek Kabelac
Date: Mon Aug 24 2009 - 05:06:31 EST

2009/8/16 Eric Paris <eparis@xxxxxxxxxx>:
> On Sat, 2009-08-15 at 10:52 -0700, Linus Torvalds wrote:
>> On Sat, 15 Aug 2009, Linus Torvalds wrote:
>> >
>> > For example, fsnotify_remove_priv_from_event() will remove the private
>> > data event from the list, but what if there are _multiple_ entries with
>> > the same 'group' entry? If so, it will remove just the first one.
> I can happen, but ONLY for the staticly declared q_overflow_event in
> notification.c.  If the refcnt on that ever hits 0 to trigger this bug
> we are in some serious dodo.
>> Hmm. Looking closer, that shouldn't much matter. Each time we added an
>> entry in private_data_list, we would have done a
>> 'fsnotify_get_event(event)' due to adding it to the 'golder->event_list'.
>> That said, there does seem to be some dubious code there. For example,
>> in 'inotify_ignored_and_remove_idr()', we do this:
>>         fsnotify_add_notify_event(group, ignored_event, fsn_event_priv);
>>         /* did the private data get added? */
>>         if (list_empty(&fsn_event_priv->event_list))
>>                 inotify_free_event_priv(fsn_event_priv);
>> and we do it without holding any locks at all. So as far as I can tell,
>> what could happen is that 'fsnotify_add_notify_event()' actually adds the
>> private event (fsn_event_priv), but then before we check that the
>> event_list is empty, another user (on another CPU, or preempted on the
>> same CPU - Christoph has both PREEMPT and SMP on) comes along, picks up
>> the private event and frees it (and re-uses it).
> Actually you look correct in your assessment that there is a race here.
> I guess I could imagine a way to make it panic like this, but I would
> have expected a different problem in that after I freed this memory
> (which wasn't mine any more) the other task which owned this memory
> would have to still be able to run list_for_each_entry, but find that
> it's group was no longer there.  Not sure how could screw up the group,
> but not the list entries.
> I'll fix this race tonight or in the morning.
> I'm downloading and installing KDE, as I guess kde uses inotify pretty
> hard since both Mikko and Christoph were using kde.


I'm not sure how it is related - but I've got folllowing ooops while
running yum upgrade
I'm using gnome.

I've added the backtrace to the Bugzilla mentioned in this thread.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at