fanotify: fix possible false warning when freeing events

When freeing permission events by fsnotify_destroy_event(), the warning
WARN_ON(!list_empty(&event->list)); may falsely hit.

This is because although fanotify_get_response() saw event->response
set, there is nothing to make sure the current CPU also sees the removal
of the event from the list.  Add proper locking around the WARN_ON() to
avoid the false warning.

Link: http://lkml.kernel.org/r/1473797711-14111-7-git-send-email-jack@suse.cz
Reported-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Lino Sanfilippo <LinoSanfilippo@gmx.de>
Cc: Eric Paris <eparis@redhat.com>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/fs/notify/notification.c b/fs/notify/notification.c
index 8a7a8cd..1a8010e 100644 (file)
--- a/fs/notify/notification.c
+++ b/fs/notify/notification.c
@@ -74,8 +74,17 @@ void fsnotify_destroy_event(struct fsnotify_group *group,
        /* Overflow events are per-group and we don't want to free them */
        if (!event || event->mask == FS_Q_OVERFLOW)
                return;
-       /* If the event is still queued, we have a problem... */
-       WARN_ON(!list_empty(&event->list));
+       /*
+        * If the event is still queued, we have a problem... Do an unreliable
+        * lockless check first to avoid locking in the common case. The
+        * locking may be necessary for permission events which got removed
+        * from the list by a different CPU than the one freeing the event.
+        */
+       if (!list_empty(&event->list)) {
+               spin_lock(&group->notification_lock);
+               WARN_ON(!list_empty(&event->list));
+               spin_unlock(&group->notification_lock);
+       }
        group->ops->free_event(event);
 }