This is my first post, so please tell me if this isn't the right sort of
thing to post here.
I think there is a race in iput() if inode->i_op->put_inode ==
force_delete()...
void iput(struct inode *inode)
{
if (inode) {
struct super_operations *op = NULL;
if (inode->i_sb && inode->i_sb->s_op)
op = inode->i_sb->s_op;
if (op && op->put_inode)
op->put_inode(inode);
//========>
if (!atomic_dec_and_lock(&inode->i_count, &inode_lock))
return;
if (!inode->i_nlink) {
list_del(&inode->i_hash);
INIT_LIST_HEAD(&inode->i_hash);
If force_delete() resets i_nlink to 0, somone else could iget4() the inode
just before the atomic_dec_and_lock().
--
Cheers,
Eric
----------------------------------------------------
|Eric Barton Barton Software |
|9 York Gardens Tel: +44 (117) 923 9831 |
|Clifton Mobile: +44 (7909) 680 356 |
|Bristol BS8 4LL Fax: call first |
|United Kingdom E-Mail: [EMAIL PROTECTED]|
----------------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to [EMAIL PROTECTED]
