From: Jan Kara <jack@suse.cz>
Date: Tue, 31 Oct 2017 09:09:25 +0000 (+0100)
Subject: fsnotify: Protect bail out path of fsnotify_add_mark_locked() properly
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=9cf90cef362d44b2f3fcdb7d0694849a6308b620;p=linux.git

fsnotify: Protect bail out path of fsnotify_add_mark_locked() properly

When fsnotify_add_mark_locked() fails it cleans up the mark it was
adding. Since the mark is already visible in group's list, we should
protect update of mark->flags with mark->lock. I'm not aware of any real
issues this could cause (since we also hold group->mark_mutex) but
better be safe and obey locking rules properly.

Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
---

diff --git a/fs/notify/mark.c b/fs/notify/mark.c
index 9991f88267342..47a827975b587 100644
--- a/fs/notify/mark.c
+++ b/fs/notify/mark.c
@@ -599,9 +599,11 @@ int fsnotify_add_mark_locked(struct fsnotify_mark *mark, struct inode *inode,
 
 	return ret;
 err:
+	spin_lock(&mark->lock);
 	mark->flags &= ~(FSNOTIFY_MARK_FLAG_ALIVE |
 			 FSNOTIFY_MARK_FLAG_ATTACHED);
 	list_del_init(&mark->g_list);
+	spin_unlock(&mark->lock);
 	atomic_dec(&group->num_marks);
 
 	fsnotify_put_mark(mark);