On Fri, Apr 22, 2005 at 11:04:33AM -0400, John McCutchan wrote: > On Fri, 2005-04-22 at 09:56 +0100, Al Viro wrote: > > So what happens if > > * something is holding inotify_sem right now > > * ten threads call that on the same watch > > * all of them get to down(&inode->inotify_sem); and block there, > > having acquired ten references to the watch > > * after whatever had been holding ->inotify_sem in the first place > > releases it, they will one by one go through the rest of function. And > > drop _20_ references to the watch. 9 of those - after we kfree() the > > watch... > > In create_watch () we call get_inotify_watch (), which maps to the > put_inotify_watch() in remove_watch(). As far as I can tell the ref > counting is 1 for 1.
Or it would, if remove_watch() had been called only once. In the scenario above that will not be true. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
