• [PATCH] Race with iput and umount · 6482f833
    Alexander Viro authored
    Jeff Mahoney notes:
    
     "generic_shutdown_super() will happily call the ->put_super fs method,
      destroying data structures still in use by the iput (->delete_inode)
      in progress. 
    
      The unlink path will call the ->unlink fs method, release the path
      (thus dropping the reference to the vfsmount), and then call iput.
      Since the vfsmount reference is dropped back to 1, a umount will
      succeed, causing the superblock to be cleaned up."
    
    Arrgh...  Here's the trivial fix: do the final "iput()" a bit earlier in
    the unlink path. 
    
    Note: all places that go to exit1: or exit: will have NULL inode, so we
    are not leaking anything here and it is OK to do that iput() early; indeed,
    the goal of that kludge was to postpone the final iput() past the
    unlocking of the parent for the sake of contention if a wunch of bankers is
    doing parallel unlink() on files in the same directory and normally it
    would happen on dput() after vfs_unlink().
namei.c 58.2 KB
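
The ordering problem described in the commit message can be checked with a small userspace model. This is an added example, not kernel code and not part of the commit. Every name in it is hypothetical, and it assumes only what the message states: umount succeeds once the vfsmount count is back to 1, and the final iput must not run after the superblock is torn down.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed userspace model; none of these names are kernel APIs. */
struct model {
    int  mnt_count;   /* 1 = mount table only, 2 = also pinned by the unlink path */
    bool sb_alive;    /* false once the modelled ->put_super has run */
    bool bad_delete;  /* the modelled ->delete_inode ran on a dead superblock */
};
enum step { STEP_FS_UNLINK, STEP_PATH_RELEASE, STEP_FINAL_IPUT, NSTEPS };
static const enum step OLD_ORDER[NSTEPS] = { STEP_FS_UNLINK, STEP_PATH_RELEASE, STEP_FINAL_IPUT };
static const enum step NEW_ORDER[NSTEPS] = { STEP_FS_UNLINK, STEP_FINAL_IPUT, STEP_PATH_RELEASE };

/* umount succeeds only when nobody but the mount table holds the vfsmount. */
static void try_umount(struct model *m)
{
    if (m->sb_alive && m->mnt_count == 1)
        m->sb_alive = false;
}

static void run_step(struct model *m, enum step s)
{
    if (s == STEP_PATH_RELEASE)
        m->mnt_count--;            /* path release drops the vfsmount reference */
    else if (s == STEP_FINAL_IPUT && !m->sb_alive)
        m->bad_delete = true;      /* ->delete_inode after ->put_super */
}

/* Attempt a concurrent umount before each step in turn and count the
 * schedules in which the final iput runs against a dead superblock. */
int racy_schedules(const enum step order[NSTEPS])
{
    int bad = 0;
    for (int at = 0; at < NSTEPS; at++) {
        struct model m = { 2, true, false };
        for (int i = 0; i < NSTEPS; i++) {
            if (i == at)
                try_umount(&m);
            run_step(&m, order[i]);
        }
        bad += m.bad_delete;
    }
    return bad;
}

int main(void)
{
    printf("old: %d racy, new: %d racy\n", racy_schedules(OLD_ORDER), racy_schedules(NEW_ORDER));
    return 0;
}
```

With the path released before the final iput there is one schedule in which the modelled umount wins; with the iput moved ahead of the path release there is none.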