git.cascardo.info Git - cascardo/linux.git/commit

author	Jan Kara <jack@suse.cz>
	Fri, 7 Oct 2016 23:56:49 +0000 (16:56 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Sat, 8 Oct 2016 01:46:26 +0000 (18:46 -0700)
commit	1404ff3cc3a14cb1fe8535e30b87d20da9513767
tree	b9cd46c15ce1cba5f29607455bdb8439bf242273	tree \| snapshot
parent	87840a2b7e048018d18d60bdac5c09224de85370	commit \| diff

fsnotify: drop notification_mutex before destroying event

fsnotify_flush_notify() and fanotify_release() destroy notification
event while holding notification_mutex.

The destruction of fanotify event includes a path_put() call which may
end up calling into a filesystem to delete an inode if we happen to be
the last holders of dentry reference which happens to be the last holder
of inode reference.

That in turn may violate lock ordering for some filesystems since
notification_mutex is also acquired e. g. during write when generating
fanotify event.

Also this is the only thing that forces notification_mutex to be a
sleeping lock. So drop notification_mutex before destroying a
notification event.

Link: http://lkml.kernel.org/r/1473797711-14111-4-git-send-email-jack@suse.cz
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: Miklos Szeredi <mszeredi@redhat.com>
Cc: Lino Sanfilippo <LinoSanfilippo@gmx.de>
Cc: Eric Paris <eparis@redhat.com>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

fs/notify/fanotify/fanotify_user.c		diff \| blob \| history
fs/notify/notification.c		diff \| blob \| history