The branch main has been updated by markj:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=ebc17879f0885ca87644980f6275b9759b311eb3

commit ebc17879f0885ca87644980f6275b9759b311eb3
Author:     Mark Johnston <[email protected]>
AuthorDate: 2025-11-15 18:00:44 +0000
Commit:     Mark Johnston <[email protected]>
CommitDate: 2025-11-16 18:20:15 +0000

    inotify: Work around the vput() bug directly
    
    For 15.0, apply a minimal fix which at least ensures that inotify can't
    trigger the latent race described in commit 99cb3dca4773 ("vnode: Rework
    vput() to avoid holding the vnode lock after decrementing").
    
    Reviewed by:    olce, kib
    MFC after:      3 days
    Differential Revision:  https://reviews.freebsd.org/D53774
---
 sys/kern/vfs_inotify.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/sys/kern/vfs_inotify.c b/sys/kern/vfs_inotify.c
index e60d8426ee42..fd1ef39b13f7 100644
--- a/sys/kern/vfs_inotify.c
+++ b/sys/kern/vfs_inotify.c
@@ -381,7 +381,14 @@ inotify_unlink_watch_locked(struct inotify_softc *sc, 
struct inotify_watch *watc
 static void
 inotify_free_watch(struct inotify_watch *watch)
 {
-       vrele(watch->vp);
+       /*
+        * Formally, we don't need to lock the vnode here.  However, if we
+        * don't, and vrele() releases the last reference, it's possible the
+        * vnode will be recycled while a different thread holds the vnode lock.
+        * Work around this bug by acquiring the lock here.
+        */
+       (void)vn_lock(watch->vp, LK_EXCLUSIVE | LK_RETRY);
+       vput(watch->vp);
        free(watch, M_INOTIFY);
 }
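Review bot: inotify_free_watch() now blocks unconditionally on an exclusive vnode lock, so a caller that reaches it while holding a mutex or another vnode lock could sleep illegally or create a lock-order reversal; the callers are outside this hunk, so that precondition cannot be confirmed from here. Stating it in code with `ASSERT_VOP_UNLOCKED(watch->vp, __func__);` ahead of the `vn_lock()` call would catch a recursive acquisition on debug kernels. The block comment says "this bug" without identifying it; adding `See commit 99cb3dca4773.` would tell a later reader when the workaround can be removed. The `(void)` cast relies on `LK_RETRY` never returning an error, which is worth saying in the same comment, because `vput()` would otherwise unlock a vnode that was never locked.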
 
