On Mar 20, 2013, at 1:09 AM, Andrew Morton <[email protected]>
 wrote:

> On Tue, 19 Mar 2013 13:31:18 +0400 Vladimir Davydov <[email protected]> 
> wrote:
> 
>> mnt_drop_write() must be called only if mnt_want_write() succeeded,
>> otherwise the mnt_writers counter will diverge.
>> 
>> ...
>> 
>> --- a/ipc/mqueue.c
>> +++ b/ipc/mqueue.c
>> @@ -840,7 +840,8 @@ out_putfd:
>>              fd = error;
>>      }
>>      mutex_unlock(&root->d_inode->i_mutex);
>> -    mnt_drop_write(mnt);
>> +    if (!ro)
>> +            mnt_drop_write(mnt);
>> out_putname:
>>      putname(name);
>>      return fd;
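
Review bot: At the new `if (!ro)` guard before mnt_drop_write(mnt), the assignment of `ro` is outside the visible context, so the hunk alone does not show that `ro` is nonzero exactly when mnt_want_write() failed. A one-line comment at the guard saying what `ro` records would make the pairing checkable here. The changelog should also state the user-visible symptoms of the unbalanced drop, since "the mnt_writers counter will diverge" does not tell a backporter what to look for.
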
> 
> huh, that's been there for a while.  What were the runtime-visible
> effects of the bug?

mnt_writers counters are used to check if remounting FS as read-only is OK, so 
after an extra mnt_drop_write() call, it would be impossible to remount mqueue 
FS as read-only. Besides, on umount a warning would be printed like this one:

[  194.714880] =====================================
[  194.719680] [ BUG: bad unlock balance detected! ]
[  194.724488] 3.9.0-rc3 #5 Not tainted
[  194.728159] -------------------------------------
[  194.732958] a.out/12486 is trying to release lock (sb_writers) at:
[  194.739355] [<ffffffff811b177f>] mnt_drop_write+0x1f/0x30
[  194.744851] but there are no more locks to release!


_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
