notify: unused event private race inotify decides if private data it passed to get added to an event was used by checking list_empty(). But it's possible that the event may have been dequeued and the private event removed so it would look empty. The fix is to use the return code from fsnotify_add_notify_event rather than looking at the list. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: eef3a116be11d35396efb2a8cc7345fd3221e294 [log] [tgz]
author: Eric Paris <eparis@redhat.com> Sun Aug 16 21:51:44 2009 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> Mon Aug 17 13:37:37 2009 -0700
tree: 2a5d0b36dd5985f29eac43f51b03e610e40b7c9b
parent: 0f66f96d21b4bbff49baaa337546e687d7c58e87 [diff] [blame]
diff --git a/fs/notify/notification.c b/fs/notify/notification.c
index 5213685..74b3cf3 100644
--- a/fs/notify/notification.c
+++ b/fs/notify/notification.c

@@ -171,9 +171,7 @@
 	struct list_head *list = &group->notification_list;
 	struct fsnotify_event_holder *last_holder;
 	struct fsnotify_event *last_event;
-
-	/* easy to tell if priv was attached to the event */
-	INIT_LIST_HEAD(&priv->event_list);
+	int ret = 0;
 
 	/*
 	 * There is one fsnotify_event_holder embedded inside each fsnotify_event.
@@ -194,6 +192,7 @@
 
 	if (group->q_len >= group->max_events) {
 		event = &q_overflow_event;
+		ret = -EOVERFLOW;
 		/* sorry, no private data on the overflow event */
 		priv = NULL;
 	}
@@ -235,7 +234,7 @@
 	mutex_unlock(&group->notification_mutex);
 
 	wake_up(&group->notification_waitq);
-	return 0;
+	return ret;
 }
 
 /*
commit	eef3a116be11d35396efb2a8cc7345fd3221e294	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Sun Aug 16 21:51:44 2009 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	Mon Aug 17 13:37:37 2009 -0700
tree	2a5d0b36dd5985f29eac43f51b03e610e40b7c9b
parent	0f66f96d21b4bbff49baaa337546e687d7c58e87 [diff] [blame]