Date: Wed, 19 Nov 2025 16:17:17 +0000 From: Mark Johnston <markj@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 1f6e3abf4171 - stable/15 - inotify: Work around the vput() bug directly Message-ID: <691ded8d.398b1.5f100ac8@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch stable/15 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=1f6e3abf41718e8e4a309be122f0a6048e9c5772 commit 1f6e3abf41718e8e4a309be122f0a6048e9c5772 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2025-11-15 18:00:44 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2025-11-19 16:17:08 +0000 inotify: Work around the vput() bug directly For 15.0, apply a minimal fix which at least ensures that inotify can't trigger the latent race described in commit 99cb3dca4773 ("vnode: Rework vput() to avoid holding the vnode lock after decrementing"). Reviewed by: olce, kib MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D53774 (cherry picked from commit ebc17879f0885ca87644980f6275b9759b311eb3) --- sys/kern/vfs_inotify.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sys/kern/vfs_inotify.c b/sys/kern/vfs_inotify.c index e60d8426ee42..fd1ef39b13f7 100644 --- a/sys/kern/vfs_inotify.c +++ b/sys/kern/vfs_inotify.c @@ -381,7 +381,14 @@ inotify_unlink_watch_locked(struct inotify_softc *sc, struct inotify_watch *watc static void inotify_free_watch(struct inotify_watch *watch) { - vrele(watch->vp); + /* + * Formally, we don't need to lock the vnode here. However, if we + * don't, and vrele() releases the last reference, it's possible the + * vnode will be recycled while a different thread holds the vnode lock. + * Work around this bug by acquiring the lock here. + */ + (void)vn_lock(watch->vp, LK_EXCLUSIVE | LK_RETRY); + vput(watch->vp); free(watch, M_INOTIFY); }help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?691ded8d.398b1.5f100ac8>