[PATCH] procfs bug exposed by cdev changes

fs/inode.c assumes that any ->delete_inode() will call clear_inode(). procfs instance doesn't. It had passed unpunished for a while; cdev changes combined with ALSA creating character devices in procfs made it fatal. Patch follows. It had fixed ALSA-triggered memory corruption here - what happens in vanilla 2.5.70 is that clear_inode() is not called when procfs character device inodes are freed. That leaves a freed inode on a cyclic list, with obvious unpleasantness following when we try to traverse it (e.g. when unregistering a device).

[PATCH] procfs bug exposed by cdev changes
fs/inode.c assumes that any ->delete_inode() will call clear_inode(). procfs instance doesn't. It had passed unpunished for a while; cdev changes combined with ALSA creating character devices in procfs made it fatal. Patch follows. It had fixed ALSA-triggered memory corruption here - what happens in vanilla 2.5.70 is that clear_inode() is not called when procfs character device inodes are freed. That leaves a freed inode on a cyclic list, with obvious unpleasantness following when we try to traverse it (e.g. when unregistering a device).
cb13b158 · Alexander Viro · Arnaldo Carvalho de Melo · fc2dcf95 · cb13b158
Commit cb13b158 authored May 27, 2003 by Alexander Viro Committed by Arnaldo Carvalho de Melo May 27, 2003
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 2 deletions

fs/proc/inode.c fs/proc/inode.c +1 -2

No files found.
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -61,8 +61,6 @@ static void proc_delete_inode(struct inode *inode)
 	struct proc_dir_entry *de;
 	struct task_struct *tsk;

-	inode->i_state = I_CLEAR;
-
 	/* Let go of any associated process */
 	tsk = PROC_I(inode)->task;
 	if (tsk)
@@ -75,6 +73,7 @@ static void proc_delete_inode(struct inode *inode)
 			module_put(de->owner);
 		de_put(de);
 	}
+	clear_inode(inode);
 }

 struct vfsmount *proc_mnt;