Re: query re unlink() ... inotify ... open() race

From: Al Viro
Date: Fri Sep 11 2015 - 21:15:01 EST

Next message: Hugh Dickins: "Re: Multiple potential races on vma->vm_flags"
Previous message: Rustad, Mark D: "Re: [RFC PATCH] vfio/pci: Use kernel VPD access functions"
In reply to: PÃdraig Brady: "query re unlink() ... inotify ... open() race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Sep 12, 2015 at 01:28:27AM +0100, Pádraig Brady wrote:

> The open() succeeding is surprising. Is that allowed?
> The summary of the sequence in the kernel is:
>
> vfs_unlink() {
> mutex_lock(&(dentry->d_inode->i_mutex));
> security_inode_unlink(dir, dentry);
> try_break_deleg(target, delegated_inode);
> dir->i_op->unlink(dir, dentry);
> dont_mount(dentry);
> detach_mounts(dentry);
> mutex_unlock(&(dentry->d_inode->i_mutex));
>
> fsnotify_link_count(target)
> d_delete(dentry);
> }

... and ->unlink() is the one to decrement the link count. With lookup
via dcache coming at some point after that. idiotify is a red herring
here - stat(2) will report decremented link count just as well.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Hugh Dickins: "Re: Multiple potential races on vma->vm_flags"
Previous message: Rustad, Mark D: "Re: [RFC PATCH] vfio/pci: Use kernel VPD access functions"
In reply to: PÃdraig Brady: "query re unlink() ... inotify ... open() race"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]