• Eric Paris's avatar
    vfs/fsnotify: fsnotify_close can delay the final work in fput · c1e5c954
    Eric Paris authored
    fanotify almost works like so:
    
    user context calls fsnotify_* function with a struct file.
       fsnotify takes a reference on the struct path
    user context goes about it's buissiness
    
    at some later point in time the fsnotify listener gets the struct path
       fanotify listener calls dentry_open() to create a file which userspace can deal with
          listener drops the reference on the struct path
    at some later point the listener calls close() on it's new file
    
    With the switch from struct path to struct file this presents a problem for
    fput() and fsnotify_close().  fsnotify_close() is called when the filp has
    already reached 0 and __fput() wants to do it's cleanup.
    
    The solution presented here is a bit odd.  If an event is created from a
    struct file we take a reference on the file.  We check however if the f_count
    was already 0 and if so we take an EXTRA reference EVEN THOUGH IT WAS ZERO.
    In __fput() (where we know the f_count hit 0 once) we check if the f_count is
    non-zero and if so we drop that 'extra' ref and return without destroying the
    file.
    Signed-off-by: default avatarEric Paris <eparis@redhat.com>
    c1e5c954
file_table.c 10.3 KB