Re: [PATCH] mqueue: sys_mq_open: do not call mnt_drop_write() if read-only

From: Vladimir Davydov
Date: Tue Mar 19 2013 - 18:04:32 EST


On Mar 20, 2013, at 1:09 AM, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
wrote:

> On Tue, 19 Mar 2013 13:31:18 +0400 Vladimir Davydov <vdavydov@xxxxxxxxxxxxx> wrote:
>
>> mnt_drop_write() must be called only if mnt_want_write() succeeded,
>> otherwise the mnt_writers counter will diverge.
>>
>> ...
>>
>> --- a/ipc/mqueue.c
>> +++ b/ipc/mqueue.c
>> @@ -840,7 +840,8 @@ out_putfd:
>> fd = error;
>> }
>> mutex_unlock(&root->d_inode->i_mutex);
>> - mnt_drop_write(mnt);
>> + if (!ro)
>> + mnt_drop_write(mnt);
>> out_putname:
>> putname(name);
>> return fd;
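
Review bot: The new `if (!ro)` guard ahead of `out_putname:` is only correct if `ro` is set exactly when mnt_want_write() failed, and that assignment lies outside the visible context of this hunk. Please confirm that no path reaches this point with `ro` clear after a failed mnt_want_write(), and consider a one-line comment at the check saying that `ro` records the mnt_want_write() result, so the want/drop pairing described in the changelog is obvious at the call site. The quoted part of the changelog also does not say what the counter imbalance looks like at runtime; adding that would help anyone deciding whether to backport.
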
>
> huh, that's been there for a while. What were the runtime-visible
> effects of the bug?

mnt_writers counters are used to check if remounting FS as read-only is OK, so after an extra mnt_drop_write() call, it would be impossible to remount mqueue FS as read-only. Besides, on umount a warning would be printed like this one:

[ 194.714880] =====================================
[ 194.719680] [ BUG: bad unlock balance detected! ]
[ 194.724488] 3.9.0-rc3 #5 Not tainted
[ 194.728159] -------------------------------------
[ 194.732958] a.out/12486 is trying to release lock (sb_writers) at:
[ 194.739355] [<ffffffff811b177f>] mnt_drop_write+0x1f/0x30
[ 194.744851] but there are no more locks to release!
